检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:陈红松[1] 陈京九 CHEN Hong-song;CHEN Jing-jiu(School of Computer and Communication Engineering,University of Science and Technology Beijing,Beijing 100083,China)
机构地区:[1]北京科技大学计算机与通信工程学院,北京100083
出 处:《吉林大学学报(工学版)》2020年第5期1894-1904,共11页Journal of Jilin University:Engineering and Technology Edition
基 金:国家社会科学基金项目(18BGJ071)。
摘 要:针对物联网大规模分布式拒绝服务攻击检测难题,基于Docker虚拟化容器技术搭建了物联网流量仿真平台,通过模拟Mirai僵尸网络和执行命令产生4种不同的攻击流量。人工执行与物联网实验箱自动产生正常流量。对原始流量进行统计分析生成包级和秒级两种不同等级的物联网流量数据集。提出了分段HURST指数、滑动窗口熵和滑动窗口置信区间3种统计指标和分析方法,并制定了攻击检测规则。实验结果表明:基于滑动窗口均值置信区间的异常流量检测方法可达72.11%的准确率。To solve the problem of large-scale Distributed Denial of Service(DDoS)attack detection in Internet of Things(IoT)simulation environment,the Docker virtualized container technology is used to construct the IoT traffic simulation platform. First,four different types of attack traffic are generated by simulating Mirai botnet and executing commands,and normal traffic is generated by manual click and IoT experiment box auto execution. Then,statistical analysis is carried out on the original traffic to generate two different levels of datasets:packet-level and second-level. Third,three statistical analysis methods and indicators are proposed,including segmented HURST exponent,sliding-window based entropy and sliding-window based confidence interval. Finally,the DDoS attack traffic detection rules are generated by the training dataset. The experimental results show that the sliding-window based confidence interval abnormal traffic detection method can achieve an accuracy of 72.11%.
关 键 词:统计分析 异常流量检测 分布式拒绝服务 攻击模拟 物联网仿真
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.149.249.124