基于卡方距離和AEWMA的LDoS攻擊檢測(cè)方法研究
發(fā)布時(shí)間:2018-10-31 15:34
【摘要】:LDoS(Low-rate Denial of Service)攻擊的攻擊數(shù)據(jù)往往混雜在有效數(shù)據(jù)中,具有較高的隱蔽性,難以被檢出。現(xiàn)階段針對(duì)LDoS攻擊檢測(cè)的研究工作尚處于初級(jí)階段,雖然已有的檢測(cè)方法能夠在某種程度上檢測(cè)出某些種類的LDoS攻擊,但還是存在諸多不足。因此,,探索新的、有效的、能夠?qū)崟r(shí)檢測(cè)LDoS攻擊的方法對(duì)提升網(wǎng)絡(luò)系統(tǒng)的安全性具有重要的理論價(jià)值和積極的現(xiàn)實(shí)意義。 對(duì)LDoS攻擊的方式與種類進(jìn)行了歸納,指出了LDoS攻擊的檢測(cè)難度,并對(duì)現(xiàn)有典型的LDoS攻擊檢測(cè)方法進(jìn)行了分析。 對(duì)網(wǎng)絡(luò)中有效TCP(Transmission Control Protocol)流量與其它流量在頻數(shù)分布上的特征進(jìn)行了分析,發(fā)現(xiàn)這兩類流量在無(wú)LDoS攻擊時(shí)和有LDoS攻擊時(shí)頻數(shù)分布上存在較大的差異,為此引入了“距離”的度量方法。以此為基礎(chǔ)提出了一種基于卡方距離的LDoS攻擊檢測(cè)方法,給出了相應(yīng)的檢測(cè)算法,同時(shí)對(duì)影響到檢測(cè)結(jié)果精度的參數(shù)進(jìn)行了細(xì)致的討論。最后通過仿真實(shí)驗(yàn)證明了該方法的有效性。 對(duì)有效TCP流量在多種情形中分布形態(tài)的差異性進(jìn)行了分析,歸納出各種情形下有效TCP流量的分布特征,進(jìn)而提出了一種基于AEWMA(Adaptive ExponentiallyWeighted Moving Average)的LDoS攻擊檢測(cè)方法。同時(shí)就判別準(zhǔn)則所涉及到的相關(guān)參數(shù)進(jìn)行了深入的討論。最后通過仿真實(shí)驗(yàn)證明了該方法的有效性。 通過對(duì)上述兩種獨(dú)立的方法存在的不足進(jìn)行了分析,發(fā)現(xiàn)兩種方法具有很強(qiáng)的互補(bǔ)性,為此構(gòu)建了一種綜合的LDoS攻擊檢測(cè)方法,對(duì)兩種方法進(jìn)行了融合,通過仿真實(shí)驗(yàn)證明這種融合后的綜合檢測(cè)方法相較原有的兩種獨(dú)立的方法在保證了較好的檢測(cè)準(zhǔn)確率的同時(shí),具備更低的漏報(bào)率和誤報(bào)率。
[Abstract]:The attack data of LDoS (Low-rate Denial of Service) attack) are often mixed in the effective data, which have high concealment and are difficult to be detected. At present, the research on LDoS attack detection is still in the primary stage. Although the existing detection methods can detect some kinds of LDoS attacks to some extent, there are still many shortcomings. Therefore, exploring new, effective and real-time detection methods of LDoS attacks has important theoretical value and positive practical significance in improving the security of network systems. The methods and types of LDoS attacks are summarized, the difficulty of detecting LDoS attacks is pointed out, and the existing typical LDoS attack detection methods are analyzed. In this paper, the characteristics of effective TCP (Transmission Control Protocol) traffic and other traffic in frequency distribution are analyzed. It is found that there are great differences between the frequency distribution of these two kinds of traffic in the absence of LDoS attack and in the presence of LDoS attack. For this reason, the measurement method of "distance" is introduced. Based on this, a LDoS attack detection method based on chi-square distance is proposed, and the corresponding detection algorithm is given. At the same time, the parameters that affect the accuracy of the detection results are discussed in detail. Finally, the effectiveness of the method is proved by simulation experiments. Based on the analysis of the difference of effective TCP traffic distribution patterns in various cases, the distribution characteristics of effective TCP traffic under various circumstances are summarized, and a LDoS attack detection method based on AEWMA (Adaptive ExponentiallyWeighted Moving Average) is proposed. At the same time, the related parameters involved in the criterion are discussed in depth. Finally, the effectiveness of the method is proved by simulation experiments. By analyzing the shortcomings of the above two independent methods, it is found that the two methods are highly complementary. For this reason, a comprehensive LDoS attack detection method is constructed, and the two methods are fused. The simulation results show that compared with the original two independent methods, the proposed integrated detection method has lower false alarm rate and lower false alarm rate as well as better detection accuracy.
【學(xué)位授予單位】:華中科技大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.08
本文編號(hào):2302718
[Abstract]:The attack data of LDoS (Low-rate Denial of Service) attack) are often mixed in the effective data, which have high concealment and are difficult to be detected. At present, the research on LDoS attack detection is still in the primary stage. Although the existing detection methods can detect some kinds of LDoS attacks to some extent, there are still many shortcomings. Therefore, exploring new, effective and real-time detection methods of LDoS attacks has important theoretical value and positive practical significance in improving the security of network systems. The methods and types of LDoS attacks are summarized, the difficulty of detecting LDoS attacks is pointed out, and the existing typical LDoS attack detection methods are analyzed. In this paper, the characteristics of effective TCP (Transmission Control Protocol) traffic and other traffic in frequency distribution are analyzed. It is found that there are great differences between the frequency distribution of these two kinds of traffic in the absence of LDoS attack and in the presence of LDoS attack. For this reason, the measurement method of "distance" is introduced. Based on this, a LDoS attack detection method based on chi-square distance is proposed, and the corresponding detection algorithm is given. At the same time, the parameters that affect the accuracy of the detection results are discussed in detail. Finally, the effectiveness of the method is proved by simulation experiments. Based on the analysis of the difference of effective TCP traffic distribution patterns in various cases, the distribution characteristics of effective TCP traffic under various circumstances are summarized, and a LDoS attack detection method based on AEWMA (Adaptive ExponentiallyWeighted Moving Average) is proposed. At the same time, the related parameters involved in the criterion are discussed in depth. Finally, the effectiveness of the method is proved by simulation experiments. By analyzing the shortcomings of the above two independent methods, it is found that the two methods are highly complementary. For this reason, a comprehensive LDoS attack detection method is constructed, and the two methods are fused. The simulation results show that compared with the original two independent methods, the proposed integrated detection method has lower false alarm rate and lower false alarm rate as well as better detection accuracy.
【學(xué)位授予單位】:華中科技大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.08
【參考文獻(xiàn)】
中國(guó)期刊全文數(shù)據(jù)庫(kù) 前8條
1 肖權(quán)權(quán);段迅;;基于NS2的網(wǎng)絡(luò)仿真與性能測(cè)試[J];計(jì)算機(jī)技術(shù)與發(fā)展;2012年04期
2 張長(zhǎng)旺;殷建平;蔡志平;祝恩;程杰仁;;基于擁塞參與度的分布式低速率DoS攻擊檢測(cè)過濾方法[J];計(jì)算機(jī)工程與科學(xué);2010年07期
3 趙磊;張笑盈;王麗娜;郭遲;;針對(duì)RED脆弱性的分布式LDoS攻擊構(gòu)造[J];武漢大學(xué)學(xué)報(bào)(理學(xué)版);2010年02期
4 何炎祥;曹強(qiáng);劉陶;韓奕;熊琦;;一種基于小波特征提取的低速率DoS檢測(cè)方法[J];軟件學(xué)報(bào);2009年04期
5 何炎祥;劉陶;韓奕;熊琦;曹強(qiáng);;一種針對(duì)LDoS攻擊的分布式協(xié)同檢測(cè)方法[J];小型微型計(jì)算機(jī)系統(tǒng);2009年03期
6 何炎祥;劉陶;曹強(qiáng);熊琦;韓奕;;低速率拒絕服務(wù)攻擊研究綜述[J];計(jì)算機(jī)科學(xué)與探索;2008年01期
7 吳志軍;張東;;低速率DDoS攻擊的仿真和特征提取[J];通信學(xué)報(bào);2008年01期
8 李德全;;拒絕服務(wù)攻擊原理解析[J];信息網(wǎng)絡(luò)安全;2007年03期
中國(guó)博士學(xué)位論文全文數(shù)據(jù)庫(kù) 前1條
1 吳瑋;Ad Hoc網(wǎng)絡(luò)擁塞檢測(cè)與控制的研究[D];哈爾濱工業(yè)大學(xué);2011年
本文編號(hào):2302718
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2302718.html
最近更新
教材專著
