半监督流形正则化算法检测应用层DDoS攻击研究  被引量：1

作　　者：康松林[1] 樊晓平[1,2] 刘楚楚[1] 李宏[1] 安隆熙 

机构地区：[1]中南大学信息科学与工程学院,湖南长沙410083 [2]湖南财政经济学院网络化系统研究所,湖南长沙410205

出　　处：《中南大学学报（自然科学版）》2014年第12期4232-4238,共7页Journal of Central South University:Science and Technology

基　　金：国家自然科学基金资助项目(60773013)~~

摘　　要：现有的应用层分布式拒绝服务(DDo S)攻击检测方法都是基于用户浏览行为特征的统计来区别正常用户与非正常用户,因为要进行高层协议解析和深度数据包处理,所需计算的时间长,空间复杂度高,所以,实现在线检测面临极大困难。针对小样本应用层Web DDo S攻击,提出半监督流形正则化检测方法。首先,在1个时间窗口内以IP地址或域名为标识,将过滤后的Web日志映射到1个14维的特征空间以描述用户的访问行为;其次,采用半监督流形正则化的Laprls最小二乘法对此特征空间中小样本数据进行分类预测以区分正常用户与非正常用户;最后,在少量标记样本的适应性和未标记样本的学习2个方面,分别通过实验和其他算法进行对比。研究结果表明:所提出的算法在检测Web DDo S攻击方面比支持向量机、最小乘方二乘法、K-NN算法具有更高的分类正确率,说明半监督流形正则化的Laprls最小二乘法算法对检测小样本Web DDo S攻击具有较好的实用性。The existing detection methods of application layer of distributed denial of service（DDo S） attack are based on the statistical characteristic of user browsing behavior to distinguish the abnormal user and normal users, and because the calculation time and space complexity of high-level protocol parsing and deep packet processing are very high, it is very difficult to realize online detection. Aiming at the small samples of Web DDo S attacks, a semi-supervised manifold regularization detection method was proposed. Firstly, Web log was filtered into a 14 dimensional feature spaces according to IP address or domain name within a time window to describe the user＇s access behavior. Secondly, Laprls least-square algorithm based on semi-supervised manifold regularization was designed to classify the small sample data in the feature space so that the abnormal user could be distinguished from normal users. Finally, through the experimental analysis, the algorithm was contrasted with other algorithms in terms of adaptability of small samples and usage of unlabelled samples. The results show the proposed algorithm has higher classification accuracy compared with other algorithms such as SVM, RLS and K-NN in terms of Web DDo S attack detection, which shows that a semi-supervised manifold regularization of Laprls least-square algorithm has better practicability for detecting Web DDo S attack.

关 键 词：Web DDOS攻击检测 半监督流形正则化 小样本 Laprls最小二乘法 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]