关联规则挖掘结合简化粒子群优化的哈希回溯追踪协议  被引量：4

作　　者：侯燕[1] 郭慧玲[1] 

机构地区：[1]周口师范学院计算机科学与技术学院,河南周口466000

出　　处：《重庆邮电大学学报（自然科学版）》2016年第2期239-246,共8页Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition)

基　　金：河南省软科学研究计划项目(132400410927;142400411229)~~

摘　　要：针对源路径隔离引擎(source path isolation engine,SPIE)不能回溯追踪早期经过路由器的攻击数据包问题,提出了一种IP回溯追踪协议(IP trace-back protocol,ITP),该协议根据压缩哈希表、Sinkhole路由算法和基于网络取证的数据挖掘技术抵抗网络攻击。其中包含简化粒子群优化(simplified particle swarm optimization,SPSO)关联算法的分析管理器(attack analysis manager,AAM)通过分析来自Sinkhole路由器和入侵检测系统(intrusion detection systems,IDS)的攻击包的关联性生成攻击模式和攻击包规则,并将该结果通知系统管理器,Sinkhole路由器和IDS通过数据挖掘技术分析攻击包之间的关联性。通过比较SPIE,概率包标记(probabilistic packet marking,PPM)和i Trace的性能可以看出,ITP不仅能实时追踪后向攻击,而且能定期使用压缩哈希表(compressed hash table,CHT)完成追踪任务。因此,在抵抗Do S攻击方面,ITP性能优于SPIE,PPM和i Trace,此外,在回溯执行时间方面,相同跳跃数下,ITP比iTrace低2-3 s。As the Source Path Isolation Engine（ SPIE） can not track attack-packet which passes the router early,an IP Trace-back Protocol（ ITP） is proposed,which uses compression hash table,sinkhole routing algorithm and data mining technology based on network forensics to resist network attack. The（ AAM） which includes simplified particle swarm optimization（ SPSO） generates an attack mode and attack packets rules by analyzing correlations from Sinkhole routers and IDS attack packets. And the results are notified to the system manager. The correlation of attack packets are analyzed by Sinkhole router and IDS and data mining. Compared with the performance of SPIE,PPM and i Trace,ITP not only track after attack by the hash table in real time,but also can finish track task by Compression Hash Table（ CHT）. Thus,in terms of resistance to Dos attacks,ITP outperforms SPIE,PPM and i Trace. Also in the aspect of trace-back execution time,the time of ITP is lower than that of i Trace by 2-3 seconds in the case of the same jump number.

关 键 词：攻击数据包 IP回溯协议 压缩哈希表 简化粒子群优化 Sinkhole路由器 数据挖掘 

分 类 号：TP399[自动化与计算机技术—计算机应用技术]