| 基于流连接信息熵的DDoS攻击检测算法 |
| |
| 引用本文: | 赵继俊,胡志刚,张健.基于流连接信息熵的DDoS攻击检测算法[J].计算机工程,2007,33(16):139-141. |
| |
| 作者姓名: | 赵继俊 胡志刚 张健 |
| |
| 作者单位: | 中南大学信息科学与工程学院,长沙,410083 |
| |
| 摘 要: | 分析了分布式拒绝服务(DDoS)攻击的特点,提出了流连接信息熵的定义,并通过对流连接信息熵时间序列的分析,采用非参数CUSUM算法进行DDoS攻击检测。该检测方法对固定IP、端口号随机变化的DDOS攻击有比较好的检测效果。实验结果证明,该方法能够以较高的精确度及时地检测出DDoS 攻击行为。
|
| 关 键 词: | 分布式拒绝服务攻击 相关数据包 流连接信息熵 非参数CUSUM算法 |
| 文章编号: | 1000-3428(2007)16-0139-03 |
| 修稿时间: | 2006-10-18 |
DDoS Attacks Detection Algorithm Based on Flow Connection Entropy |
| |
| ZHAO Ji-jun,HU Zhi-gang,ZHANG Jian.DDoS Attacks Detection Algorithm Based on Flow Connection Entropy[J].Computer Engineering,2007,33(16):139-141. |
| |
| Authors: | ZHAO Ji-jun HU Zhi-gang ZHANG Jian |
| |
| Affiliation: | (School of Information Science & Engineering, Central South University, Changsha 410083) |
| |
| Abstract: | On the basis of analyzing the features of distributed denial of service (DDoS) attacks, flow connection entropy time series analysis is proposed. It uses non-parametric CUSUM algorithm to complete the detection task of DDoS attacks. It minimizes the average delay of detection for a given false alarm rate. It has better detection effect on the fixed source IP and random destination ports’s DDoS. Experimental result demonstrates this model can detect DDoS attack as early as possible with high detection accuracy. |
| |
| Keywords: | DDoS attack correlational packet flow connection entropy(FCE) non-parametric CUSUM algorithm |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
