本文選題：應(yīng)用層　切入點(diǎn)：DDoS　出處：《天津大學(xué)》2014年碩士論文

【摘要】：分布式拒絕服務(wù)(Distributed Denial of Service,DDoS)攻擊是當(dāng)前互聯(lián)網(wǎng)面臨的最嚴(yán)重的安全問題之一。近些年,隨著Web服務(wù)的不斷涌現(xiàn),DDoS攻擊開始從傳統(tǒng)的傳輸層和網(wǎng)絡(luò)層轉(zhuǎn)向應(yīng)用層,且應(yīng)用層DDoS(Application DDoS,App-DDoS)攻擊發(fā)生的愈發(fā)頻繁,造成的影響越來越大。App-DDoS攻擊中攻擊者發(fā)出的攻擊請(qǐng)求都是合法請(qǐng)求,并且在底層表現(xiàn)合法。因此傳統(tǒng)DDoS攻擊的防御方法不能有效防御App-DDoS攻擊。在應(yīng)用層,客戶端可以通過發(fā)送少量報(bào)文就可以使服務(wù)器進(jìn)行大量計(jì)算,從而消耗其各種資源。因此App-DDoS攻擊有更強(qiáng)的攻擊性。綜上所述,尋找有效的App-DDoS防御方法更加迫切。App-DDoS攻擊中,攻擊者與正常用戶最主要的不同在于訪問目的。為了達(dá)到消耗服務(wù)器資源的目的,攻擊者便會(huì)在行為特征表現(xiàn)上和正常用戶在有很大的區(qū)別。因此本文將通過分析用戶的行為特征來對(duì)App-DDoS進(jìn)行攻擊檢測(cè)。針對(duì)應(yīng)用層DDoS攻擊的特點(diǎn),本文首先提取了請(qǐng)求速率和負(fù)載請(qǐng)求比例兩個(gè)用戶行為特征來對(duì)用戶行為進(jìn)行檢測(cè)。其次,本文提出了忠實(shí)度的概念,作為對(duì)用戶行為特征表現(xiàn)的綜合評(píng)估,并提出了有效的忠實(shí)度評(píng)估方法。忠實(shí)度的評(píng)估不僅要考量用戶訪問過程中的行為表現(xiàn),還要結(jié)合用戶的歷史行為表現(xiàn)。因此可以對(duì)用戶行為進(jìn)行更準(zhǔn)確的評(píng)估。忠實(shí)度計(jì)算還通過低初始值和慢增快減兩種機(jī)制來保證攻擊用戶往往擁有較低忠實(shí)度值,正常用戶擁有較高忠實(shí)度值,可以有效提高攻擊檢測(cè)率,降低誤報(bào)率。再次,為了更好地統(tǒng)計(jì)用戶的歷史行為,本文提出了基于客戶端的檢測(cè)和過濾方式。在該方法中,使用Cookie技術(shù)來標(biāo)識(shí)客戶端,將檢測(cè)攻擊用戶轉(zhuǎn)化為評(píng)估一臺(tái)主機(jī)是否為攻擊主機(jī)。該方法使得攻擊者無法輕易丟棄舊身份,可以更好地統(tǒng)計(jì)該主機(jī)的歷史行為表現(xiàn)。最后,針對(duì)App-DDoS攻擊,本文實(shí)現(xiàn)了一種基于用戶忠實(shí)度的ULDM(User Loyalty Defense Model)防御模型。該模型通過忠實(shí)度計(jì)算來評(píng)估主機(jī)用戶是否為攻擊主機(jī)。實(shí)驗(yàn)表明,該防御模型可以有效檢測(cè)和過濾App-DDoS攻擊,并具有較高的檢測(cè)率和較低的誤報(bào)率。
[Abstract]:Distributed Denial of Service DDoS (DDoS) attack is one of the most serious security problems facing the Internet.In recent years, with the continuous emergence of Web services, DDoS attacks begin to shift from the traditional transport layer and the network layer to the application layer, and the DDoS(Application DDoS App-DDoS) attacks in the application layer occur more frequently.The impact of the attack is more and more serious. In the attack of .App-DDoS, the attack requests issued by the attacker are all legitimate requests, and they are legitimate in the bottom layer.Therefore, the traditional DDoS attack defense method can not effectively defend against App-DDoS attacks.In the application layer, the client can make the server compute a lot by sending a small number of packets, thus consuming all kinds of resources.So App-DDoS attacks are more aggressive.To sum up, it is more urgent to find an effective defense method for App-DDoS. The main difference between attacker and normal user is access purpose.In order to consume server resources, the behavior of the attacker is different from that of the normal user.Therefore, this paper will analyze the behavior of users to detect App-DDoS attacks.According to the characteristics of application layer DDoS attack, this paper firstly extracts two user behavior characteristics, request rate and load request ratio, to detect user behavior.Secondly, this paper puts forward the concept of fidelity as a comprehensive evaluation of the behavior characteristics of users, and puts forward an effective method of loyalty evaluation.The evaluation of fidelity not only takes into account the behavior of the user during the access process, but also combines the historical behavior of the user.As a result, user behavior can be evaluated more accurately.Loyalty calculation also guarantees that the attack user often has lower fidelity value and the normal user has a higher fidelity value through two mechanisms: low initial value and slow increasing fast decreasing mechanism, which can effectively improve the attack detection rate and reduce the false alarm rate.Thirdly, in order to better statistics the historical behavior of users, this paper proposes a client-based detection and filtering method.In this method, Cookie technology is used to identify the client, and the detection attack user is converted to evaluate whether a host is an attack host.This method can not easily discard the old identity, and can better measure the historical behavior of the host.Finally, a ULDM(User Loyalty Defense Model defense model based on user loyalty is implemented for App-DDoS attacks.The model evaluates whether the host user is an attacking host through the fidelity calculation.Experiments show that the model can effectively detect and filter App-DDoS attacks, and has high detection rate and low false alarm rate.
【學(xué)位授予單位】：天津大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前7條

1 李錦玲;汪斌強(qiáng);張震;;基于流量分析的App-DDoS攻擊檢測(cè)[J];計(jì)算機(jī)應(yīng)用研究;2013年02期

2 張永錚;肖軍;云曉春;王風(fēng)宇;;DDoS攻擊檢測(cè)和控制方法[J];軟件學(xué)報(bào);2012年08期

3 趙國鋒;喻守成;文晟;;基于用戶行為分析的應(yīng)用層DDoS攻擊檢測(cè)方法[J];計(jì)算機(jī)應(yīng)用研究;2011年02期

4 肖軍;云曉春;張永錚;;基于會(huì)話異常度模型的應(yīng)用層分布式拒絕服務(wù)攻擊過濾[J];計(jì)算機(jī)學(xué)報(bào);2010年09期

5 嵇海進(jìn);蔡明;;基于可信度的應(yīng)用層DDoS攻擊防御方法[J];計(jì)算機(jī)工程與設(shè)計(jì);2007年19期

6 謝逸;余順爭(zhēng);;應(yīng)用層洪泛攻擊的異常檢測(cè)[J];計(jì)算機(jī)科學(xué);2007年08期

7 謝逸;余順爭(zhēng);;基于Web用戶瀏覽行為的統(tǒng)計(jì)異常檢測(cè)[J];軟件學(xué)報(bào);2007年04期

相關(guān)博士學(xué)位論文 前1條

1 徐川;應(yīng)用層DDoS攻擊檢測(cè)算法研究及實(shí)現(xiàn)[D];重慶大學(xué);2012年

相關(guān)碩士學(xué)位論文 前2條

1 陸興舟;一種針對(duì)大規(guī)模網(wǎng)絡(luò)關(guān)鍵服務(wù)的DDoS反制方案[D];華東師范大學(xué);2012年

2 張p，

本文編號(hào)：1723442