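Abstract: Application-layer DDoS attacks currently pose a serious threat to Internet security. Existing detection methods each target only one specific type of application-layer DDoS attack and cannot identify other DDoS attacks at the application layer. To identify multiple kinds of application-layer DDoS attacks quickly and effectively, a detection method based on request keywords is proposed. The method takes the frequency distribution difference and the number of request keywords per unit time as input and uses a hidden Markov model to detect application-layer DDoS attacks. Experimental results show that the method achieves a high detection rate and a low false-positive rate for multiple kinds of application-layer DDoS attacks.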