计算机科学 (Computer Science), 2022, Vol. 49, Issue 11A: 211000089-5. doi: 10.11896/jsjkx.211000089
LU Xuan-ting (陆炫廷), CAI Rui-jie (蔡瑞杰), LIU Sheng-li (刘胜利)
Abstract: In recent years DDoS attacks have grown in both frequency and scale, posing a serious challenge to network security. Among them, UDP reflection amplification attacks have become a favoured technique of attackers because of their low cost, the enormous volume of traffic they generate, and the difficulty of tracing them back to their source. Current filtering and defence strategies are mostly derived from post-incident analysis and review, and are therefore reactive and lag behind the steady emergence of new UDP reflection attacks. This paper proposes a traffic-analysis method for discovering undisclosed protocols that have UDP reflection amplification potential. Starting from the two fundamental properties, amplification and reflection, the method screens everyday network traffic for samples that exhibit reflection amplification behaviour, replays them to verify that the behaviour is reproducible, and records the qualifying samples for further study of the corresponding service protocols, ultimately discovering new, previously undisclosed reflection amplification protocols. A detection program built with the proposed method was tested for accuracy and processing rate both in a laboratory environment and on the Internet; it successfully discovered several reflection amplification protocols, offering a proactive way to defend against reflection amplification attacks before they occur.
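The screening and replay steps the abstract describes, as an added example in Python (not the paper's detection program): UDP packets are grouped into client/server flows, the bandwidth amplification factor (response payload bytes per request payload byte) is computed per flow, flows above a threshold become candidates, and each candidate request is replayed to confirm that the large response is reproducible. The packets, addresses, threshold and stub responder are constructed for the example; a real deployment would read a pcap and send the replay over a UDP socket.

```python
"""Screen passive UDP traffic for reflection-amplification candidates, then
verify them by replay.  Added example, not the paper's own program; packets,
ports and thresholds below are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str      # "udp" or "tcp"
    payload: bytes  # transport payload only; headers are not counted


# (client address, client port, server address, server port)
FlowKey = Tuple[str, int, str, int]


def pair_udp_flows(packets: List[Packet]) -> Dict[FlowKey, Dict[str, List[bytes]]]:
    """Group UDP packets into request/response lists keyed by the client->server 4-tuple.

    Reflection needs a spoofable source, so TCP is skipped.  The lower port is
    assumed to be the service port (an assumption of this example): packets
    towards it are requests, packets from it are responses.
    """
    flows: Dict[FlowKey, Dict[str, List[bytes]]] = defaultdict(
        lambda: {"req": [], "resp": []})
    for p in packets:
        if p.proto != "udp":
            continue
        if p.dport < p.sport:
            flows[(p.src, p.sport, p.dst, p.dport)]["req"].append(p.payload)
        else:
            flows[(p.dst, p.dport, p.src, p.sport)]["resp"].append(p.payload)
    return flows


def amplification_factor(requests: List[bytes], responses: List[bytes]) -> float:
    """Bandwidth amplification factor: response payload bytes per request payload byte."""
    req_bytes = sum(len(b) for b in requests)
    if req_bytes == 0:
        return 0.0
    return sum(len(b) for b in responses) / req_bytes


def screen_candidates(packets: List[Packet], min_baf: float = 2.0):
    """Return (flow key, BAF, first request payload) for flows amplified >= min_baf."""
    candidates = []
    for key, flow in pair_udp_flows(packets).items():
        if not flow["req"] or not flow["resp"]:
            continue            # one-sided flow: nothing to measure
        baf = amplification_factor(flow["req"], flow["resp"])
        if baf >= min_baf:
            candidates.append((key, baf, flow["req"][0]))
    return candidates


def verify_by_replay(request: bytes, responder: Callable[[bytes], bytes],
                     attempts: int = 3, min_baf: float = 2.0) -> Tuple[bool, float]:
    """Replay a candidate request and require the amplification to be reproducible.

    `responder` stands in for sending the datagram and reading the reply.  The
    smallest reply across attempts decides, so a service that answers big only
    once (e.g. a cache miss followed by hits) is rejected.
    """
    sizes = [len(responder(request)) for _ in range(attempts)]
    baf = min(sizes) / len(request)
    return baf >= min_baf, baf


def make_stub_responder(reply_size: int, reproducible: bool = True) -> Callable[[bytes], bytes]:
    """Constructed stand-in for a live UDP service (example only, no network I/O)."""
    calls = {"n": 0}

    def responder(request: bytes) -> bytes:
        calls["n"] += 1
        if reproducible or calls["n"] == 1:
            return b"\x00" * reply_size
        return b"\x00" * len(request)   # later replays answer small: not a usable reflector
    return responder


# Constructed capture: NTP-like, DNS-like, TCP and memcached-like flows.
# Addresses are documentation ranges; payloads are dummies of realistic sizes.
NTP_REQ = b"\x17\x00\x03\x2a" + b"\x00" * 4               # 8 bytes
MEMC_REQ = b"\x00\x01\x00\x00\x00\x01\x00\x00stats\r\n"   # 15 bytes
SAMPLE_PACKETS = [
    Packet("10.0.0.5", 40000, "192.0.2.10", 123, "udp", NTP_REQ),
    Packet("192.0.2.10", 123, "10.0.0.5", 40000, "udp", b"\x00" * 440),
    Packet("192.0.2.10", 123, "10.0.0.5", 40000, "udp", b"\x00" * 440),
    Packet("192.0.2.10", 123, "10.0.0.5", 40000, "udp", b"\x00" * 440),
    Packet("10.0.0.6", 40001, "192.0.2.20", 53, "udp", b"A" * 40),
    Packet("192.0.2.20", 53, "10.0.0.6", 40001, "udp", b"B" * 60),
    Packet("10.0.0.7", 40002, "192.0.2.30", 80, "tcp", b"GET / HTTP/1.1\r\n\r\n"),
    Packet("192.0.2.30", 80, "10.0.0.7", 40002, "tcp", b"X" * 5000),
    Packet("10.0.0.8", 40003, "192.0.2.40", 11211, "udp", MEMC_REQ),
    Packet("192.0.2.40", 11211, "10.0.0.8", 40003, "udp", b"\x00" * 1400),
]


if __name__ == "__main__":
    for key, baf, req in screen_candidates(SAMPLE_PACKETS):
        ok, replay_baf = verify_by_replay(req, make_stub_responder(440))
        print(f"{key[2]}:{key[3]} passive BAF={baf:.1f} replay BAF={replay_baf:.1f} reproducible={ok}")
```

On the constructed capture the DNS-like flow (60 bytes back for 40 sent) falls below the threshold, the TCP flow is ignored because its source cannot be spoofed, and the NTP-like and memcached-like flows are reported as candidates; the replay check then discards any candidate whose large reply does not repeat.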