Further Discussion on SynFlood Attack Detection Based on Distance Computation in Space Geometry


Authors: Liu Huiyu (刘辉宇)[1], Chen Kai (陈凯)[1], Peng Tao (彭涛)[1,2], Chen Xiaosu (陈晓苏)[1]

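Affiliations: [1] School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074; [2] School of Computer Science, Wuhan Textile University, Wuhan 430073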

Source: Computer Science (《计算机科学》), 2011, No. 12, pp. 82-87 (6 pages)

Funding: Supported by the National Natural Science Foundation of China (60873030)

Abstract: Based on the relationship among the Syn, Fin and Rst segments in the TCP protocol, this paper proposes a new SynFlood attack detection method. The relationship among Syn, Fin and Rst is mapped into Euclidean space: the relationship observed in a given time period is mapped to a point, and the relationship that holds when no attack behavior exists is mapped to a line. The distance between the point and the line is analyzed to detect SynFlood attacks, and a moving average is used to smooth this distance in order to improve detection efficiency and accuracy. Experimental results show that the method detects both direct and reflected SynFlood attacks with good accuracy, produces a low false alarm rate, and has a high packet-processing capacity, so it can be deployed on the backbone routers of medium and large networks.

Keywords: Syn flood attack; Euclidean space distance; deviation degree; moving average; attack discrimination value

Classification: TP393.08 [Automation and Computer Technology - Computer Application Technology]
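The point-to-line check and moving-average smoothing described in the abstract, as an added example that is not the paper's own code. It assumes the attack-free line passes through the origin and is fitted from attack-free windows; the per-window counts, the smoothing window `k` and the threshold are constructed values, since the paper's parameters are not given on this page.

```python
import math
from collections import deque

def fit_baseline(windows):
    """Unit direction of the attack-free line (assumed to pass through the origin)."""
    total = [sum(w[i] for w in windows) for i in range(3)]
    norm = math.sqrt(sum(c * c for c in total))
    return tuple(c / norm for c in total)

def point_line_distance(p, u):
    """Euclidean distance from point p to the line through the origin along unit vector u."""
    dot = sum(a * b for a, b in zip(p, u))
    squared = sum(a * a for a in p) - dot * dot
    return math.sqrt(max(squared, 0.0))  # clamp tiny negative rounding error

def detect(windows, u, k=3, threshold=150.0):
    """Return (smoothed_distance, alarm) per window, using a k-window moving average."""
    recent = deque(maxlen=k)
    results = []
    for p in windows:
        recent.append(point_line_distance(p, u))
        smoothed = sum(recent) / len(recent)
        results.append((smoothed, smoothed > threshold))
    return results

# Constructed (Syn, Fin, Rst) counts per time window, attack-free period.
BASELINE = [(1000, 900, 100), (1200, 1080, 120), (800, 720, 80)]

# Constructed monitoring data: normal traffic, one short benign Syn burst,
# then a sustained rise in Syn with no matching Fin/Rst.
TRAFFIC = [
    (1000, 905, 98), (1100, 985, 112),
    (1300, 900, 100),                  # single-window burst
    (1000, 900, 100), (1000, 900, 100),
    (3000, 900, 110), (5000, 880, 120), (5200, 910, 115),
]

if __name__ == "__main__":
    u = fit_baseline(BASELINE)
    for i, (smoothed, alarm) in enumerate(detect(TRAFFIC, u)):
        raw = point_line_distance(TRAFFIC[i], u)
        print(f"window {i}: raw={raw:8.1f} smoothed={smoothed:8.1f} alarm={alarm}")
```

The single-window burst exceeds the threshold on its raw distance but not after smoothing, while the sustained Syn increase raises the alarm from its first window onward.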

 
