Computer Science ›› 2013, Vol. 40 ›› Issue (7): 121-125.

• Information Security •

Application-layer DDoS Attack Detection Based on Request Keywords

XIE Bai-lin, JIANG Sheng-yi and ZHANG Qian-sheng

  1. Cisco School of Informatics, Guangdong University of Foreign Studies, Guangzhou 510006
  • Online: 2018-11-16 Published: 2018-11-16
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61202271, 61070154), the Natural Science Foundation of Guangdong Province (S2012040007184), the Humanities and Social Sciences Research Youth Fund of the Ministry of Education (12YJCZH281), and the Guangzhou Philosophy and Social Sciences Planning Project (2012GJ31).

Abstract: Application-layer DDoS attacks currently cause great harm to the security of the Internet. Existing detection methods lack versatility: each approach focuses on only one particular application-layer DDoS attack and cannot identify other DDoS attacks at the application layer. To quickly and effectively identify several different application-layer DDoS attacks, this paper presents a detection method based on request keywords. The method takes the number and the frequency distribution distance of request keywords per unit time as input, and uses a hidden Markov model to detect application-layer DDoS attacks. The experimental results show that the proposed method detects several different application-layer DDoS attacks with a relatively high detection ratio and a low false positive ratio.

Key words: DDoS attack, Request keyword, Hidden Markov model, Application layer

CLC number: TP393; Document code: A

