基于神经网络的DDoS防护绩效评估  被引量：7

作　　者：黄亮[1,2] 冯登国[1] 连一峰[1] 陈恺[1] 

机构地区：[1]可信计算与信息保障实验室(中国科学院软件研究所),北京100190 [2]信息网络安全公安部重点实验室(公安部第三研究所),上海201204

出　　处：《计算机研究与发展》2013年第10期2100-2108,共9页Journal of Computer Research and Development

基　　金：国家"八六三"高技术研究发展计划基金项目(SQ2013GX02D01211;2011AA01A203);国家自然科学基金项目(61100226;61303248);北京市自然科学基金项目(4122085);"十二五"国家科技支撑计划基金项目(2012BAK26B01)

摘　　要：面对日益严重的分布式拒绝服务(distributed denial of service,DDoS)攻击威胁和众多防护措施,需要防护绩效评估方法指导防护措施的选择.现有绩效评估方法通过对比防护措施部署前后的攻击效果进行评估,需对防护措施进行卸载及重新部署,实施成本高.针对这种不足,首先建立了防护绩效评估模型(defence evaluation model,DEM),该模型从用户感受角度进行指标选取,减少了传统方式下测评过程需要的指标数量,降低了数据获取的难度.利用神经网络良好的泛化能力,将其引入DDoS防护绩效评估过程;在计算已部署防护措施攻击效果的同时,预测得到未部署防护措施时的攻击效果,减少了测量次数.使用网络仿真程序SSFNet模拟典型攻击场景进行实验,验证了提出的评估方法以及神经网络的预测能力.In the world facing severe threat of DDoS, finding the best countermeasure will raise the chance of survival. Defense effectiveness evaluation could help determining the best, thus it is an important part of countermeasure selecting. Current existing defense effectiveness evaluation works through comparing the attack effect before and after the deployment of defensive measures. Consequently, if the measure to be evaluated has been deployed, it needs to be removed, and then to be deployed again during the evaluation process. As a result, the cost of defense effectiveness evaluation is high. The cost can be reduced if the evaluation don＇t have to remove the defensive measure. In this paper, a defense effectiveness evaluation method without removing the defensive measure is proposed. Firstly, the DEM （defense effectiveness model） model is presented. It chooses indices in the perspective of normal user, which reduces the number of indices and the difficulty of measuring. Then, joined with artificial neural network, the DEM model is able to predict the attack effect before the deployment of countermeasures while the countermeasure has bean already deployed. After that, SSFNet, a network simulator, is incorporated to simulate a typical DDoS attack scenario. The result of the simulation not only validates the predictive ability of artificial neural network in DEM model, but also proves the proposed method to be correct.

关 键 词：安全评估 人工神经网络 分布式拒绝服务 绩效评估 SSFNET 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]