【摘要】：分布式拒絕服務(wù)(Distributed Denial of Service,DDoS)攻擊是當(dāng)前互聯(lián)網(wǎng)面臨的最嚴(yán)重的安全問題之一。應(yīng)用層DDoS攻擊用于完成特定目標(biāo),主要包括中斷交易和訪問數(shù)據(jù)庫資源。它需要相對(duì)較少的資源并且經(jīng)常伴隨著網(wǎng)絡(luò)層攻擊。除了針對(duì)特定的應(yīng)用數(shù)據(jù)包之外,攻擊流量偽裝成合法流量,對(duì)應(yīng)用層的攻擊主要用來阻礙信息檢索或者搜索功能、影響Web瀏覽體驗(yàn)、消耗電子郵件服務(wù)和圖片應(yīng)用程序的資源。為了有效防御應(yīng)用層分布式拒絕服務(wù)攻擊,本文提出一種搭建在Web應(yīng)用服務(wù)器上的基于Web軌跡的檢測(cè)方法與防御模型。把用戶的訪問行為抽象為Web行為軌跡,根據(jù)攻擊請(qǐng)求的生成方式與用戶訪問Web頁面的行為特征,提出了五種異常因素,分別為會(huì)話長(zhǎng)度分布異常、訪問依賴異常、行為速率異常、軌跡重復(fù)異常、軌跡偏離異常。采用行為軌跡化簡(jiǎn)算法簡(jiǎn)化行為軌跡的計(jì)算,然后計(jì)算用戶正常訪問網(wǎng)站時(shí)和攻擊訪問時(shí)產(chǎn)生的異常因素的偏離值,來檢測(cè)針對(duì)Web網(wǎng)站的分布式拒絕服務(wù)攻擊。在檢測(cè)出某用戶產(chǎn)生攻擊請(qǐng)求時(shí),防御模型禁止該用戶訪問來防御DDoS。實(shí)驗(yàn)采用真實(shí)數(shù)據(jù)作為訓(xùn)練集,在模擬不同種類攻擊請(qǐng)求下,防御模型短時(shí)間識(shí)別出攻擊并且采取防御機(jī)制抵制。實(shí)驗(yàn)結(jié)果表明,Web行為軌跡的防御模型能夠有效檢測(cè)并且防御對(duì)Web網(wǎng)站的分布式拒絕服務(wù)攻擊。
[Abstract]:Distributed Denial of Service (DDoS) attack is one of the most serious security problems facing the current Internet. The application layer DDoS attack is used to accomplish specific targets, mainly including interrupting transactions and accessing database resources. It requires relatively few resources and often accompanied by network layer attacks. In addition to the application data packet, the attack traffic is disguised as a legitimate traffic, and the attack on the application layer is mainly used to hinder information retrieval or search function. It affects the Web browsing experience and consumes the resources of the e-mail service and image applications. In order to effectively defend the application layer distributed denial of service attack, this paper proposes a kind of construction in the Web application. The detection method and defense model based on Web trajectory on the server. The user's access behavior is abstracted as the Web behavior trajectory. According to the formation of the attack request and the user's access to the behavior characteristics of the Web page, five abnormal factors are proposed, which are the session length distribution anomaly, the access dependency anomaly, the behavior rate anomaly, and the locus repetition difference, respectively. Often, the trajectory is deviated from the anomaly. The behavior trajectory simplification algorithm is used to simplify the calculation of the behavior trajectory, and then the deviation value of the abnormal factors generated by the user's normal access to the site and the attack access is calculated to detect the distributed denial of service attack against the Web site. The DDoS. experiment uses real data as the training set. Under the simulation of different kinds of attack requests, the defense model recognizes the attack in a short time and adopts the defense mechanism to resist. The experimental results show that the defense model of the Web behavior trajectory can effectively detect and defend the distributed denial of service attack on the Web website.
【學(xué)位授予單位】：中國(guó)礦業(yè)大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 徐洋;孫建忠;張煥國(guó);謝曉堯;;云環(huán)境下Web服務(wù)應(yīng)用層DDoS攻擊檢測(cè)系統(tǒng)[J];計(jì)算機(jī)應(yīng)用研究;2016年09期

2 肖甫;馬俊青;黃洵松;王汝傳;;SDN環(huán)境下基于KNN的DDoS攻擊檢測(cè)方法[J];南京郵電大學(xué)學(xué)報(bào)(自然科學(xué)版);2015年01期

3 孫未;張亞平;;基于用戶忠實(shí)度的應(yīng)用層DDoS防御模型[J];計(jì)算機(jī)工程與設(shè)計(jì);2015年01期

4 王睿;;一種基于回溯的Web上應(yīng)用層DDOS檢測(cè)防范機(jī)制[J];計(jì)算機(jī)科學(xué);2013年S2期

5 黃亮;馮登國(guó);連一峰;陳愷;;基于神經(jīng)網(wǎng)絡(luò)的DDoS防護(hù)績(jī)效評(píng)估[J];計(jì)算機(jī)研究與發(fā)展;2013年10期

6 李錦玲;汪斌強(qiáng);;基于最大頻繁序列模式挖掘的App-DDoS攻擊的異常檢測(cè)[J];電子與信息學(xué)報(bào);2013年07期

7 王風(fēng)宇;曹首峰;肖軍;云曉春;龔斌;;一種基于Web群體外聯(lián)行為的應(yīng)用層DDoS檢測(cè)方法[J];軟件學(xué)報(bào);2013年06期

8 田俊峰;韓金娥;杜瑞忠;王勇;;基于軟件行為軌跡的可信性評(píng)價(jià)模型[J];計(jì)算機(jī)研究與發(fā)展;2012年07期

9 趙國(guó)鋒;喻守成;文晟;;基于用戶行為分析的應(yīng)用層DDoS攻擊檢測(cè)方法[J];計(jì)算機(jī)應(yīng)用研究;2011年02期

10 肖軍;云曉春;張永錚;;基于會(huì)話異常度模型的應(yīng)用層分布式拒絕服務(wù)攻擊過濾[J];計(jì)算機(jī)學(xué)報(bào);2010年09期

，

本文編號(hào)：2130666