A Distributed Detection Scheme Based on Weighted CAT against DDoS

Cited by: 2

Authors: 周再红 (Zhou Zaihong) [1], 谢冬青 (Xie Dongqing) [2], 熊伟 (Xiong Wei) [1], 杨小红 (Yang Xiaohong) [3]

Affiliations: [1] College of Computer and Communication, Hunan University, Changsha 410082, Hunan, China; [2] School of Computer Science and Educational Software, Guangzhou University, Guangzhou 510006, Guangdong, China; [3] School of Software, Hunan University, Changsha 410082, Hunan, China

Source: Journal of Wuhan University (Natural Science Edition), 2008, No. 5, pp. 626-630 (5 pages)

Funding: National Natural Science Foundation of China (60673156); Key Science and Technology Project of the Ministry of Education (105129)

Abstract: To address the heavy overhead at the victim end and the low detection rate of the DCD (distributed change-point detection) scheme, a new detection scheme based on weighted CAT (change aggregation trees) is proposed. A multi-tier distributed architecture spreads the detection task across the source end, the intermediate network, and the victim end of the Internet, so that attacks are detected early. Exploiting the sensitivity of the CUSUM algorithm to slight changes, detection at source-end hosts is based on the number of packets sent to a destination address, and detection at intermediate-network routers is based on changes in super-flow aggregation; the victim end performs detection based on the weights of the domain (AS) tree. Experiments and analysis show that the detection rate for UDP attacks rises from at best 0.72 under DCD to 0.94 under CAT, and the detection rate for TCP attacks also improves slightly; network communication overhead and victim-end storage overhead fall from O(mnk) to O(mk), and victim-end computation from O(mn) to O(m). While detecting a suspicious anomaly, the system also obtains the attack path and the exact host, router, or domain where the anomaly is observed; once a DDoS attack is detected, distributed traceback is performed.

Keywords: distributed denial-of-service attack; distributed detection; change aggregation tree; CUSUM algorithm; cooperative detection

Classification code: TP393.08 (Automation and Computer Technology: Computer Application Technology)
