检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:刘运[1] 殷建平[1] 程杰仁[1] 蔡志平[1]
机构地区:[1]国防科学技术大学计算机学院,湖南长沙410073
出 处:《计算机工程与科学》2011年第4期1-7,共7页Computer Engineering & Science
基 金:国家自然科学基金资助项目(60603062);湖南省教育厅资助科研项目(07C718);湖南省自然科学基金资助项目(06JJ3035);公安部应用创新计划(2007YYCXHNST072)
摘 要:分布式增速拒绝服务(DIDoS)攻击采用逐步提升发包速率的方式来造成受害者资源的慢消耗,较之传统的分布式拒绝服务(DDoS)攻击更具隐蔽性,如何尽可能早地将其捕获是一个亟待研究的问题。本文针对DIDoS攻击的特点,提出了一种基于改进AAR模型的DIDoS攻击早期检测方法。为此,首先提出了一组基于条件熵的检测特征:流特征条件熵(TFCE),用以反映DIDoS攻击流速的增长变化;然后根据改进的AAR模型对TFCE值进行多步预测;最后采用经过训练的SVM分类器对预测值进行分类,以识别攻击企图。实验结果表明,在保证检测精度相当的前提下,该方法比部分现有方法能够更快检测到攻击。Distributed Increasing-rate Denial-of-Service(DIDoS) attacks gradually increase the sending rate of packets to exhaust the victim's resources slowly,so DIDoS attacks have a higher concealment than the traditional DDoS attacks.How to detect DIDoS attacks as soon as possible is an urgent problem we should study.In view of the characteristics of DIDoS attacks,a novel approach for early detection based on an improved adaptive autoregressive(AAR) model is proposed.In this approach,a set of novel detection features based on the conditional entropy called the Traffic Feature Conditional Entropy(TFCE),are used to reflect the increase of DIDoS attack traffic rate.Then an improved AAR model is used to predict the multistep TFCE values.Finally a trained SVM classifier is adopted to identify the tendency of attacks by classifying the predicted TFCE values.The experimental results demonstrate that our approach can not only guarantee the comparative precision of detection but also detect DIDoS attacks more quickly than some existing approaches.
关 键 词:分布式增速拒绝服务攻击 流特征条件熵 自适应自回归 支持向量机
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.229