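Abstract: Traffic generated by distributed denial-of-service (DDoS) attacks often places an unbearable load on routers. To address this problem, a method is proposed that both reduces router load and detects DDoS attacks quickly and accurately. The method first constructs, in the router, a traffic matrix between port pairs to accurately describe the traffic-aggregation characteristic of DDoS attacks. It then estimates the traffic matrix with Kalman filtering, applies a GLR statistical test for anomaly detection, and from the result determines whether a router port is under DDoS attack. Finally, simulation experiments on real data show that, compared with the principal component analysis (PCA) method, the proposed method achieves a higher detection rate, a lower false-detection rate, and a smaller detection delay.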
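The pipeline the abstract outlines (port-pair traffic matrix, Kalman estimate, GLR test on the residuals), sketched as an added example that is not the paper's code. The random-walk state model, the values of `q`, `r`, `window` and `threshold`, the per-pair scalar filter and the constructed traffic matrix are all assumptions, since the abstract gives none of them.

```python
# Added example: scalar Kalman filter + GLR test per port pair (all parameters assumed).
NOISE = [3, -5, 8, -2, -7, 4, 6, -4, -3, 0]   # constructed, bounded measurement jitter

def make_matrix(n_ports=3, length=100, onset=60, victim=2, surge=300):
    """Constructed traffic matrix: {(in_port, out_port): [volume per interval]}."""
    m = {}
    for i in range(n_ports):
        for o in range(n_ports):
            if i == o:
                continue
            base = 1000 + 100 * i
            m[(i, o)] = [base + NOISE[(t + i + o) % 10]
                         + (surge if o == victim and t >= onset else 0)
                         for t in range(length)]
    return m

def innovations(series, q=25.0, r=100.0):
    """Random-walk Kalman filter; returns innovations normalized to unit variance."""
    x, p, out = float(series[0]), r, []
    for z in series[1:]:
        p_pred = p + q                 # predict: state unchanged, uncertainty grows
        s = p_pred + r                 # innovation variance
        e = z - x                      # innovation (prediction residual)
        out.append(e / s ** 0.5)
        k = p_pred / s                 # Kalman gain
        x, p = x + k * e, (1 - k) * p_pred
    return out

def glr_alarm(innov, window=10, threshold=15.0):
    """GLR for a mean shift of unknown size and onset; first alarm index or None."""
    for t in range(len(innov)):
        for j in range(max(0, t - window + 1), t + 1):
            total = sum(innov[j:t + 1])
            if total * total / (2 * (t - j + 1)) > threshold:
                return t
    return None

def attacked_ports(matrix):
    """Map each output port with an alarmed port pair to its earliest alarm interval."""
    hits = {}
    for (_, out_port), series in matrix.items():
        t = glr_alarm(innovations(series))
        if t is not None:              # +1 below: innovations start at sample 1
            hits[out_port] = min(hits.get(out_port, t + 1), t + 1)
    return hits

if __name__ == "__main__":
    print(attacked_ports(make_matrix()))
```

In the constructed data the surge converges on output port 2 from two input ports at interval 60, and only that port is flagged, at the onset interval.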