基于信号互相关的低速率拒绝服务攻击检测方法  被引量：16

作　　者：吴志军[1] 李光[1] 岳猛[1] 

机构地区：[1]中国民航大学电子信息工程学院天津市高级信号处理重点实验室,天津300300

出　　处：《电子学报》2014年第9期1760-1766,共7页Acta Electronica Sinica

基　　金：国家自然科学基金面上项目(No.61170328;No.U1333116);天津市应用基础与前沿技术研究计划(自然科学基金重点项目)(No.12JCZDJC20900);2013年民航科技引导资金项目;中央高校基本科研业务费(No.3122013P007;No.3122013D007;No.3122013D003);中国民航大学科研建设平台项目;中国民航大学研究生课程建设项目

摘　　要：低速率拒绝服务LDoS(Low-rate Denial of Service)攻击是一种基于TCP/IP协议漏洞,采用密集型周期性脉冲的攻击方式.本文针对分布式LDoS攻击脉冲到达目标端的时序关系,提出基于互相关的LDoS攻击检测方法.该方法通过计算构造的检测序列与采样得到的网络流量序列的相关性,得到相关序列,采用基于循环卷积的互相关算法来计算攻击脉冲经过不同传输通道在特定的攻击目标端的精确时间,利用无周期单脉冲预测技术估计LDoS攻击的周期参数,提取LDoS攻击的脉冲持续时间的相关性特征,并设计判决门限规则.实验结果表明基于信号互相关的LDoS攻击检测方法具有较好的检测性能.Low-rate Denial of Service （LDoS ） attack is TCP-targeted attack ,which attempts to deny bandwidth of TCP flows .LDoS attacks send intensive periodic pulses at sufficiently low average rate to elude detection of DoS defense system .Based on the sequence relation between the distributed LDoS attack pulses arriving at the destination ,a cross-correlation LDoS attack de-tection method is proposed by using cyclic convolution .This method builds a detection sequence for the purpose of exploring the timing relationship for distributed LDoS attack pulses arriving at the specific destination .Through computing the relation between the constructed detection sequence and sampled network flow sequence ,the cross sequence is obtained .The cyclic convolution cross-re-lation algorithm is utilized to compute the precise time that the attack pulses arriving at the specific destination through different transferring channels .With nonperiodic monopulse prediction technology ,the periodic parameters of LDoS attack are estimated ,the relation characteristic of the pulse durations of LDoS attacks is extracted ,and the threshold rules are designed .Experimental results show that the proposed algorithm of LDoS attack detection based on signal correlation achieves good detection performance .

关 键 词：低速率拒绝服务攻击 互相关函数 循环卷积 时序 检测 

分 类 号：TP393.4[自动化与计算机技术—计算机应用技术]