| 一种拒绝服务攻击识别算法 |
| |
| 引用本文: | 蒋卫华,史兴键,杜君. 一种拒绝服务攻击识别算法[J]. 西北工业大学学报, 2003, 21(4): 398-401 |
| |
| 作者姓名: | 蒋卫华 史兴键 杜君 |
| |
| 作者单位: | 西北工业大学,计算机科学与工程系,陕西,西安,710072 |
| |
| 基金项目: | 国家 8 6 3计划 ( 2 0 0 1AA14 2 10 0 ),教育部博士点基金,航空科学基金( 0 2 F5 30 35 ),西北工业大学青年科技创新基金 |
| |
| 摘 要: | 分析了DoS(Denial of Service)拒绝服务攻击的攻击行为以及受攻击方的表现,并提出了解决方案。对拒绝服务攻击的原理、危害,常见工具、常见防御手段作了论述,用图表分析了受攻击方的网络流量情况,最后提出了基于流量分析的攻击识别算法。该算法能有效地降低识别的误报率。
|
| 关 键 词: | 拒绝服务攻击 网络带宽 攻击识别算法 |
| 文章编号: | 1000-2758(2003)04-0398-04 |
| 修稿时间: | 2002-06-23 |
An Algorithm for Recognizing Denial of Service (DoS) Attack |
| |
| Jiang Weihua,Shi Xingjian,Du Jun. An Algorithm for Recognizing Denial of Service (DoS) Attack[J]. Journal of Northwestern Polytechnical University, 2003, 21(4): 398-401 |
| |
| Authors: | Jiang Weihua Shi Xingjian Du Jun |
| |
| Abstract: | DoS attacks have become increasingly serious in China. We offer an algorithm for recognizing DoS attack, if not at the beginning of the attack, at least as soon as serious denial of service occurs. Section 2 discusses in much detail our algorithm for recognizing DoS attack based on the increase of incoming network bandwidth. As the incoming network bandwidth increases, the bandwidth available for service decreases. Our algorithm calculates the slope of the change of incoming network bandwidth; when this slope exceeds a previously set limit, we know that a DoS attack occurs. At the end of section 2, we give four aspects in detail that need to be paid careful attention when implementing our algorithm. Section 3 describes our testing environment under which the recognizing capabilities of various tools were examined; the false positive rate of our algorithm is only 10% whereas that of Snort, the best of other tools, is about 40%. |
| |
| Keywords: | DoS(Denial of Service) attack network bandwidth attack recognition algorithm |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
