| 一种基于相似度的DDoS攻击检测方法 |
| |
| 引用本文: | 何慧,张宏莉,张伟哲,方滨兴,胡铭曾,陈雷. 一种基于相似度的DDoS攻击检测方法[J]. 通信学报, 2004, 25(7): 176-184 |
| |
| 作者姓名: | 何慧 张宏莉 张伟哲 方滨兴 胡铭曾 陈雷 |
| |
| 作者单位: | 哈尔滨工业大学,计算机信息安全研究中心,黑龙江,哈尔滨,150001 |
| |
| 基金项目: | 国家“863”高技术研究发展计划研究基金资助项目(2002AA142020) |
| |
| 摘 要: | 在分析了网络流量构成的基础上,提出了基于相似度的DDoS检测方法。这种方法不是简单的根据流量的突变来检测网络状况,而是从分析攻击对流量分布的影响着手。首先对网络流量进行高频统计,然后对其相邻时刻进行相似度分析,根据相似度的变化来发现异常。从大量的实验结果可以看出基于相似度的检测方法能够比较有效的发现大流量背景下,攻击流量并没有引起整个网络流量显著变化的DDoS攻击,因此更适合大规模网络的异常检测。
|
| 关 键 词: | 异常检测 DDoS检测 相似度 高频统计 |
| 文章编号: | 1000-436X(2004)07-0176-09 |
| 修稿时间: | 2004-02-10 |
A DDoS intrusion detection method based on likeness |
| |
| HE Hui,ZHANG Hong-li,ZHANG Wei-zhe,FANG Bin-xing,HU Ming-zeng,CHEN Lei. A DDoS intrusion detection method based on likeness[J]. Journal on Communications, 2004, 25(7): 176-184 |
| |
| Authors: | HE Hui ZHANG Hong-li ZHANG Wei-zhe FANG Bin-xing HU Ming-zeng CHEN Lei |
| |
| Abstract: | The paper proposes a DDoS intrusion detection method based on likeness through analyzing characteristics of the network traffic. This method detects the state of network not by burst net flow but by the impact of the traffic distribution. First, we focus on the high frequency statistics result, then analyze its likeness of adjacent time and detect the abnormality. According to a great number of experiments, the intrusion detection method based on likeness can find out the DDoS intrusion against the large scale network traffic, which does not arouse the sharp changes of the network traffic. |
| |
| Keywords: | anomaly detection DDoS detection likeness high frequency statistics |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
