检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]武汉大学计算机学院,武汉430072 [2]幸福人寿保险公司信息技术部,北京100027 [3]软件工程国家重点实验室(武汉大学),武汉430079 [4]中国信息安全评测中心,北京100085
出 处:《计算机研究与发展》2011年第3期432-439,共8页Journal of Computer Research and Development
基 金:国家自然科学基金项目(60773008;60642006)
摘 要:针对低速率拒绝服务攻击具有隐蔽性高、难以检测和及时响应的特点,提出了一种基于Q学习的LDoS攻击实时防御机制.该机制以终端自适应控制系统为保护对象,周期性地提取网络攻击特征参数,将其作为Q学习模块的输入参数,由Q学习模块进行最优防御的选择,优选出来的防御措施交与系统端执行.防御措施基于动态服务资源分配,根据系统当前运行状态对服务资源进行动态调整,从而保障正常服务请求的响应率.最后使用着色Petri网结合BP神经网络对攻击和防御过程进行了建模和仿真,结果表明:该方法具有较好的实时性和较高的灵敏性,能够对LDoS攻击行为进行实时响应,显著提高了系统防御的自动化程度.Different from traditional DoS attacks,low-rate DoS(LDoS)is stealthy,periodic and low-rate in attack volume,and is very hard to be detected and defended in time.Regarding these features of LDoS attack,we present a real-time mitigating mechanism based on Q-learning for LDoS attack.Taking the adaptation control system as the target of protecting,a Q-learning module implemented with BP-neutral network,which takes characteristic parameters extracted periodically from network as its input,is used to make choice of the best defense measures.The selected defense measure then is carried out by the victim system.Defense measures are designed based on dynamic service resource allocation.The mitigating mechanism adjusts the service capability of system in real time according to the system running state,so as to ensure the service quality offered to normal service requests.Finally,the attack scenario and whole mitigating process are modeled and simulated by CPN and BP neutral networks.And simulated results shows that our mitigating mechanism can relieve the effect of LDoS attack on victim system efficiently with high sensitivity.
关 键 词:低速率拒绝服务攻击 Q学习 实时防御 着色PETRI网 攻击建模
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.229