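PCA-Based Traffic Anomaly Detection Method
Published: 2018-03-16 01:39
Topic: LDoS attack model. Entry point: attack traffic analysis. Source: Civil Aviation University of China, 2015 master's thesis. Document type: degree thesis.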
[Abstract]: Traffic anomaly detection is one of the important measures for safeguarding network security. This thesis proposes a traffic anomaly detection method based on the principal component analysis (PCA) algorithm and uses it to detect the network traffic anomalies caused by low-rate denial of service (LDoS) attacks. It first studies a general LDoS attack model and then, from the perspective of two different attack forms, studies the LDoS attack model that exploits the TCP timeout retransmission mechanism and the one that exploits the router RED mechanism. An experimental network topology is built; the NS2 tool is used to generate simulated LDoS attack traffic, and an LDoS attack flow generation tool is used to generate real LDoS attack traffic. The generated traffic is collected, and the LDoS attack traffic is analyzed at the level of traffic packets. Network traffic data is high-dimensional, so traffic modeling has to deal with the dimensionality problem, which is the reason this thesis proposes a PCA-based traffic anomaly detection method. Different principal component contribution rates chosen in the PCA algorithm preserve different data features after processing. The experiments select three contribution rates, 90%, 50% and 10%, to verify the model's detection efficiency under different contribution rates. The T2 control limit obtained when the PCA algorithm processes the traffic sample data serves as the model's decision threshold: traffic samples in the detected traffic that exceed the T2 control limit are judged to be anomalous traffic, and the rest normal traffic. Models are built with three different kinds of traffic samples: mixed normal and anomalous traffic, purely anomalous traffic, and purely normal traffic. The detection results show that the higher the principal component contribution rate, the higher the model's detection rate.
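The following is an added example, not code from the thesis: a minimal PCA detector that keeps components up to a chosen contribution rate and flags windows whose T2 exceeds a control limit, compared at the 90% and 50% rates the abstract mentions. The per-window features, the synthetic traffic, the use of numpy, and the choice of an empirical 99% quantile of training T2 values as the control limit are all assumptions; the model here is built on purely normal traffic.

```python
import numpy as np

def t2_scores(model, x):
    """Hotelling T2 of each row of x in the retained principal subspace."""
    z = (x - model["mean"]) / model["std"]
    return np.sum((z @ model["P"]) ** 2 / model["lam"], axis=1)

def fit(train, contribution, quantile=0.99):
    """PCA on standardized training windows, keeping the fewest components
    whose cumulative contribution rate reaches `contribution`."""
    mean, std = train.mean(axis=0), train.std(axis=0, ddof=1)
    lam, vec = np.linalg.eigh(np.cov((train - mean) / std, rowvar=False))
    lam, vec = lam[::-1], vec[:, ::-1]            # eigh returns ascending order
    cum = np.cumsum(lam) / lam.sum()
    k = min(int(np.searchsorted(cum, contribution)) + 1, len(lam))
    model = {"mean": mean, "std": std, "P": vec[:, :k], "lam": lam[:k], "k": k}
    # Assumption: control limit = empirical quantile of the training T2 values.
    model["limit"] = float(np.quantile(t2_scores(model, train), quantile))
    return model

def detection_rate(model, x):
    """Fraction of windows whose T2 exceeds the control limit."""
    return float(np.mean(t2_scores(model, x) > model["limit"]))

def make_windows(rng, n, attack=False):
    """Constructed per-window features: packets/s, kB/s, active flows,
    peak-to-mean rate ratio. Attack windows keep the average load but add
    short bursts, so only the peak-to-mean ratio shifts."""
    load = rng.normal(size=n)
    return np.column_stack([
        1000 + 100 * load + rng.normal(0, 10, n),
        600 + 60 * load + rng.normal(0, 10, n),
        50 + 5 * load + rng.normal(0, 2, n),
        1.5 + rng.normal(0, 0.1, n) + (1.2 if attack else 0.0),
    ])

def run_demo(seed=0):
    rng = np.random.default_rng(seed)
    train, normal, attack = (make_windows(rng, 500), make_windows(rng, 200),
                             make_windows(rng, 100, attack=True))
    out = {}
    for rate in (0.90, 0.50):
        m = fit(train, rate)
        out[rate] = (m["k"], detection_rate(m, attack), detection_rate(m, normal))
    return out

if __name__ == "__main__":
    for rate, (k, det, fp) in run_demo().items():
        print(f"contribution {rate:.0%}: k={k} detection={det:.2f} false_alarm={fp:.2f}")
```

With this constructed data the 50% model keeps only the load-dominated component and misses the burst signature, while the 90% model also retains the component carrying the peak-to-mean ratio.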
[Degree-granting institution]: Civil Aviation University of China
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TP393.08
Article ID: 1617795
Article link: http://sikaile.net/guanlilunwen/ydhl/1617795.html