| 基于变动和式累积检验算法的DDoS攻击检测 |
| |
| 引用本文: | 刘志雷.基于变动和式累积检验算法的DDoS攻击检测[J].计算机仿真,2009,26(3). |
| |
| 作者姓名: | 刘志雷 |
| |
| 作者单位: | 中国科学技术大学,电子工程与信息科学系,安徽,合肥,230027 |
| |
| 摘 要: | 在SYN Flooding攻击检测中,为了检测算法能够实时快速准确地完成检测功能,在异常发生时能够在最短时间内发出警告,同时又必须保证警告结果的准确.根据网络TCP通信业务中SYN数据包与FIN(RST)数据包流量的变化特点,利用变动和式累积检验算法PCUSUM建立检测系统,对归一化后的SYN包与FIN(RST)包差值进行实时监控,检测网络流量异常.检测过程中,算法不需要建立正常业务和攻击行为的详细模型,仿真结果表明,在保持相同检测准确度情况下,算法对SYN Flooding攻击具有较短的报警时间,提高了检测系统的性能.
|
| 关 键 词: | 湮没攻击 拒绝服务攻击 攻击端检测 变动和式累积检验算法 |
Detection of DDoS Attacks Based on PCUSUM Algorithm |
| |
| LIU Zhi-lei.Detection of DDoS Attacks Based on PCUSUM Algorithm[J].Computer Simulation,2009,26(3). |
| |
| Authors: | LIU Zhi-lei |
| |
| Affiliation: | Department of Electronic Engineering & Information Science;University of Science & Technology of China;Hefei Anhui 230027;China |
| |
| Abstract: | The security system against SYN Flooding attacks requires a quick and accurate detection algorithm that can alert in best time when abnormity emerges.The core detection mechanism of the system is based on the protocol behavior of TCP SYN-FIN(RST) pairs,and employs PCUSUM algorithm to trace the difference normalized between them in real time and detects network flow abnormity.The algorithm doesn't need a detailed model of normal and attack traffic.Simulation experiments indicate that the algorithm has higher... |
| |
| Keywords: | |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
