基于快速独立成分分析的RoQ攻击检测方法  被引量:10

A Novel Method for Detecting Reduction of Quality(RoQ)Attack Based on Fast Independent Component Analysis

在线阅读下载全文

作  者:荣宏[1] 王会梅[1] 鲜明[1] 施江勇[1] 

机构地区:[1]国防科技大学电子信息系统复杂电磁环境效应国家重点实验室,长沙410073

出  处:《电子与信息学报》2013年第10期2307-2313,共7页Journal of Electronics & Information Technology

摘  要:降质服务(Reduction of Quality,RoQ)攻击比传统的拒绝服务攻击(Denial of Service,DoS)攻击更具有隐秘性和多变性,这使得检测该攻击十分困难。为提高检测准确率并及时定位攻击源,该文将攻击流量提取建模为一个盲源分离过程,提出了基于快速ICA(Independent Component Analysis)的攻击流特征提取算法,从若干观测网络和终端设备中分离出RoQ攻击流,然后提取表征攻击流的特征参数。接着设计了一种基于支持向量机的协同检测系统和检测算法,通过用已标记的有攻击和无攻击的样本训练SVM分类器,最终实现RoQ攻击的检测。仿真结果表明该方法能够有效检测并定位伪造IP地址的RoQ攻击,检测率达到90%以上,而选取合适的ICA参数会提高检测效果。RoQ (Reduction of Quality) attack is more stealthy and changeable than traditional DoS (Denial of Service) attack, which makes detection of RoQ extremely difficult. In order to improve detection accuracy and locate attack sources in time, this paper turns modeling attack flow extraction into a process of blind sources separation. A method is proposed based on fast ICA (Independent Component Analysis) to detach RoQ flow from several observation network devices and terminals. Then, some features’ parameters that represent attack flow are extracted. After that, a system of collaborative detection system is designed on the basis of SVM (Support Vector Machine), using marked attack and no-attack samples to train the SVM classifier in order to detect RoQ attack finally. Simulation results illustrate that this method can detect IP spoofed RoQ attack as well as locate the attacker, accuracy of which reaches up to 90%. Moreover, choosing appropriate ICA parameters will improve results to some extent.

关 键 词:网络安全 降质服务攻击 盲源分离 快速独立成分分析 特征提取 

分 类 号:TN393.08[电子电信—物理电子学]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象