| 基于流量行为的DDoS检测系统 |
| |
| 引用本文: | 张毅,刘强.基于流量行为的DDoS检测系统[J].计算机工程,2011,37(4):134-136. |
| |
| 作者姓名: | 张毅 刘强 |
| |
| 作者单位: | 重庆邮电大学通信与信息工程学院,重庆,400065 |
| |
| 基金项目: | 教育部科学技术研究基金资助重点项目,重庆市教委基金资助重点项目 |
| |
| 摘 要: | 针对传统攻击检测算法不能实时识别攻击源和受害者的问题,基于对单用户流量行为的分析,设计实现一种实时的DDoS洪流攻击检测和防御系统。通过周期性地检测每个用户发送和接收的流量,判断其是否满足TCP和UDP协议行为的时间同步性,从而有效识别攻击者、受害者和正常用户,并且实时过滤攻击流量和转发正常流量。测试结果表明,该系统能够在攻击早期实时地检测出攻击者并过滤其流量,防御效果明显。
|
| 关 键 词: | DDoS洪流攻击 实时性 单用户流量行为 无参数CUSUM算法 |
DDoS Detection System Based on Traffic Behavior |
| |
| ZHANG Yi,LIU Qiang.DDoS Detection System Based on Traffic Behavior[J].Computer Engineering,2011,37(4):134-136. |
| |
| Authors: | ZHANG Yi LIU Qiang |
| |
| Affiliation: | (College of Communication and Information Engineering,Chongqing University of Posts and Telecommunications,Chongqing 400065,China) |
| |
| Abstract: | Because many traditional detection algorithms can not real time inspect the attack source and the victim, based on single-user traffic behavioral analysis, this paper presents a real-time DDoS flooding attack detection and prevention system. Based on the time synchronization of TCP and UDP protocol behavior, through periodically detecting every single IP user's sending and receiving traffic and judging whether its traffic behaviors meet the synchronization or not. This system can effectively recognize attackers, victims and normal users, and real time filter attackers' traffic and forward normal users' packets. Experimental results show that the system can make a real-time detection for DDoS flooding attacks and determine the attacker at the early attacking stage, and the defense effect is obvious. |
| |
| Keywords: | DDoS flooding attack real-time single-user traffic behavior non-parametric CUSUM algorithm |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
