Research on Low-Rate DDoS Attack Detection Based on Weighted Entropy
Published: 2018-05-13 19:21
Topics: low-rate DDoS + weighted entropy; Source: Wuhan Polytechnic University, master's thesis, 2014
[Abstract]: With the development of Internet technology, the Internet has come to play a pivotal role in every industry. However, because the Internet forwards packets (malicious or not) on a best-effort basis with the least possible processing during transmission, servers on the network are vulnerable to DDoS attacks, which cause huge losses to service providers and legitimate users. Network security is therefore especially important in providing network services. This thesis centers on a weighted-entropy detection algorithm for low-rate distributed denial-of-service (low-rate DDoS) attacks and focuses on several problems in low-rate DDoS attack detection: (1) the model and principle of low-rate DDoS attacks; (2) the difference in packet-size distribution between low-rate DDoS attack flows and normal flows; (3) uniform modeling of data flows by packet size, proposing for the first time an entropy-weight mechanism based on packet size; (4) qualitative and quantitative analysis of how the packet-size-based entropy weight varies in normal flows and attack flows.
First, the thesis analyzes the organization and classification of low-rate DDoS attacks and the other key problems involved in the attack process, analyzes the principle of low-rate DDoS attacks at the application layer in detail, and reviews current research on low-rate DDoS attack detection.
Second, it analyzes the current state of development and the research results, in China and abroad, on detecting low-rate DDoS attack flows, focusing on two classes of detection methods, namely feature-value-based metric detection and anomaly-based metric detection, and applies aggregate link traffic features to anomaly-based metric detection.
Third, it analyzes how, when a low-rate DDoS attack occurs, an information-entropy metric is used to distinguish the traffic characteristics of normal flows and attack flows. Entropy-based anomaly detection in aggregate link traffic monitoring can be applied not only to detection at the victim end but can also be extended to attack-path detection, where it plays a key role in attack traceback.
Fourth, it proposes a new mechanism for determining entropy weights, based on packet size, and applies it to normal flows and attack flows: the packet-size-based entropy weights are used as the weights, and weighted entropy is computed for normal flows and attack flows. The experimental results show that, compared with the Shannon-entropy metric detection mechanism, the false alarm rate is reduced by 23.10%.
[Degree-granting institution]: Wuhan Polytechnic University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
Article number: 1884468
Article link: http://sikaile.net/guanlilunwen/ydhl/1884468.html