| 基于HMM的分布式拒绝服务攻击检测方法 |
| |
| 引用本文: | 孙永强,徐昕,黄遵国.基于HMM的分布式拒绝服务攻击检测方法[J].微电子学与计算机,2006,23(10):176-177,180. |
| |
| 作者姓名: | 孙永强 徐昕 黄遵国 |
| |
| 作者单位: | 1. 国防科技大学,计算机学院,湖南,长沙,410073
2. 国防科技大学,机电工程与自动化学院,湖南,长沙,410073 |
| |
| 摘 要: | 文章根据分布式拒绝服务攻击(DDoS)的本质特点,提出了一种基于隐马尔可夫模型(HMM)的DDoS攻击检测方法。该方法通过IP地址信息库.保存当前常用服务的源IP地址,然后对新到数据包的IP地址用HMM建模。通过离线训练,更新IP地址信息库,优化HMM参数。在线检测时,IP地址信息库在线学习更新,HMM实时检测.并根据检测结果通过边界路由器进行积极响应。实验结果显示,该方法具有很好的检测效果,并能及时响应,保持常用服务的延续性。
|
| 关 键 词: | 分布式拒绝服务 隐马尔可夫模型 学习机制 |
| 文章编号: | 1000-7180(2006)10-0176-02 |
| 收稿时间: | 2006-06-29 |
| 修稿时间: | 2006-06-29 |
A DDoS Attack Detection Method Based on Hidden Markov Model |
| |
| SUN Yong-qiang,XU Xin,HUANG Zun-guo.A DDoS Attack Detection Method Based on Hidden Markov Model[J].Microelectronics & Computer,2006,23(10):176-177,180. |
| |
| Authors: | SUN Yong-qiang XU Xin HUANG Zun-guo |
| |
| Affiliation: | 1. School of Computer Science, National University of Defense Technology, Changsha 410073, China;2. College of Mechan. Engin. and Auto., National University of Defense Technology, Changsha 410073, China |
| |
| Abstract: | On the basis of the inherent feature of distributed denial of service (DDoS) attacks, a novel approach of detection of DDoS attacks based on hidden Markov model (HMM) is proposed. We first build an IP addresses database, which keeps all the legitimate IP addresses which have previously appeared in the network, and then established HMM, which is based on the new IP addresses of normal network data packet. HMM and IP address database is trained separately though off-line training. The model is then used to detect the DDoS attacks by processing the network traffic and the edge router is used to decide whether to admit an incoming IP packet. Experimental results show that this method works very well on the DDoS attacks in adaptability and detection accuracy. |
| |
| Keywords: | Distributed denial of service Hidden Markov model Learning mechanism |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
