本文選題：DDoS攻擊　切入點：行為自相似性　出處：《中南大學》2014年碩士論文　論文類型：學位論文

【摘要】：DDoS攻擊是攻擊特定目標,使其無法提供正常網(wǎng)絡(luò)服務的攻擊方式,DDoS攻擊工具的出現(xiàn),發(fā)動DDoS攻擊變得簡便而有效,因此DDoS攻擊引起的網(wǎng)絡(luò)安全事件層出不窮。隨著DDoS的攻擊方法和工具的不斷更新升級,DDoS攻擊的危害變得越來越大,成為當今互聯(lián)網(wǎng)安全的主要威脅之一。 本文針對DDoS攻擊的特點,提出了基于用戶行為的自相似性對DDoS攻擊進行分析的方法,研究了套接字字段和TCP標識符等特征字段的熵值在DDoS攻擊發(fā)生時候的變化。結(jié)合生物信息學中蛋白質(zhì)相互作用網(wǎng)絡(luò)的特點,利用特征熵值的變化信息為不同的DDoS攻擊方式建立目標蛋白質(zhì)相互作用網(wǎng)絡(luò)。 為了能追蹤并鎖定DDoS攻擊源,本文利用主動網(wǎng)絡(luò)的特點,設(shè)計了DDoS攻擊的檢測與追蹤總體方案。該方案在分時統(tǒng)計的基礎(chǔ)上為每個數(shù)據(jù)包創(chuàng)建RTCT字段,服務器端根據(jù)不同的RTCT值分類數(shù)據(jù)包并生成不同的個體,利用相同的特征熵值為每個個體構(gòu)建對應的蛋白質(zhì)相互作用網(wǎng)絡(luò)。最后通過與目標蛋白質(zhì)相互作用網(wǎng)絡(luò)進行對比來判斷或預測個體是否有攻擊行為,如果個體有攻擊行為,分解個體RTCT值鎖定攻擊源并還原攻擊路徑。 實驗結(jié)果表明該總體方案對DDoS攻擊十分敏感,能夠準確的檢測和預測出DDoS攻擊并指示攻擊類型,并能在復雜的網(wǎng)絡(luò)拓撲結(jié)構(gòu)中正確的鎖定攻擊源并還原攻擊路徑。
[Abstract]:DDoS attack is a kind of attack that can not provide normal network service to a specific target. It is easy and effective to launch a DDoS attack because of the appearance of DDoS attack tools. Therefore, the network security events caused by DDoS attacks emerge in endlessly. With the continuous updating and upgrading of DDoS attack methods and tools, the harm of DDoS attacks has become more and more serious, and it has become one of the main threats to Internet security nowadays. According to the characteristics of DDoS attacks, this paper proposes a method to analyze DDoS attacks based on user behavior self-similarity. The entropy of characteristic fields such as socket fields and TCP identifiers is studied in this paper, which is based on the characteristics of protein interaction networks in bioinformatics. The target protein interaction network is established for different DDoS attack modes by using the change information of characteristic entropy. In order to track and lock the DDoS attack source, this paper designs an overall scheme for detecting and tracking DDoS attacks based on the characteristics of active network. This scheme creates RTCT fields for each packet on the basis of time-sharing statistics. The server classifies packets according to different RTCT values and generates different individuals, Using the same characteristic entropy value to construct the corresponding protein interaction network for each individual. Finally, by comparing with the target protein interaction network, we can judge or predict whether the individual has aggressive behavior, if the individual has aggressive behavior. Decompose the individual RTCT value to lock the attack source and restore the attack path. The experimental results show that the scheme is sensitive to DDoS attacks, can detect and predict DDoS attacks and indicate the attack types accurately, and can correctly lock the attack source and restore the attack path in the complex network topology.
【學位授予單位】：中南大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

相關(guān)期刊論文 前10條

1 張樂;覃弘;趙淑玲;;淺析網(wǎng)絡(luò)安全中防火墻的應用[J];測繪與空間地理信息;2011年06期

2 孫曉燕;張化祥;計華;;用于不均衡數(shù)據(jù)集分類的KNN算法[J];計算機工程與應用;2011年28期

3 蔡瑋s，

本文編號：1633118