基于信号互相关的低速率拒绝服务攻击检测方法

低速率拒绝服务LDoS（Low-rate Denial of Service）攻击是一种基于TCP/IP协议漏洞，采用密集型周期性脉冲的攻击方式.本文针对分布式LDoS攻击脉冲到达目标端的时序关系，提出基于互相关的LDoS攻击检测方法.该方法通过计算构造的检测序列与采样得到的网络流量序列的相关性，得到相关序列，采用基于循环卷积的互相关算法来计算攻击脉冲经过不同传输通道在特定的攻击目标端的精确时间，利用无周期单脉冲预测技术估计LDoS攻击的周期参数，提取LDoS攻击的脉冲持续时间的相关性特征，并设计判决门限规则.实验结果表明基于信号互相关的LDoS攻击检测方法具有较好的检测性能.

Detecting Low-Rate DoS Attacks Based on Signal Cross-Correlation

Low-rate Denial of Service (LDoS) attack is TCP-targeted attack,which attempts to deny bandwidth of TCP flows.LDoS attacks send intensive periodic pulses at sufficiently low average rate to elude detection of DoS defense system.Based on the sequence relation between the distributed LDoS attack pulses arriving at the destination,a cross-correlation LDoS attack detection method is proposed by using cyclic convolution.This method builds a detection sequence for the purpose of exploring the timing relationship for distributed LDoS attack pulses arriving at the specific destination.Through computing the relation between the constructed detection sequence and sampled network flow sequence,the cross sequence is obtained.The cyclic convolution cross-relation algorithm is utilized to compute the precise time that the attack pulses arriving at the specific destination through different transferring channels.With nonperiodic monopulse prediction technology,the periodic parameters of LDoS attack are estimated,the relation characteristic of the pulse durations of LDoS attacks is extracted,and the threshold rules are designed.Experimental results show that the proposed algorithm of LDoS attack detection based on signal correlation achieves good detection performance.