Research on LDoS Attack Detection Methods Based on Chi-Square Distance and AEWMA
[Abstract]: The attack data of an LDoS (Low-rate Denial of Service) attack are often mixed in with effective data, which makes them highly concealed and difficult to detect. Research on LDoS attack detection is still at an early stage. Although existing detection methods can detect some kinds of LDoS attacks to some extent, they still have many shortcomings. Exploring new, effective and real-time detection methods for LDoS attacks therefore has important theoretical value and practical significance for improving the security of network systems. This thesis summarizes the methods and types of LDoS attacks, points out the difficulty of detecting them, and analyzes the typical existing LDoS attack detection methods. It then analyzes the frequency-distribution characteristics of effective TCP (Transmission Control Protocol) traffic and other traffic, and finds that the frequency distributions of these two kinds of traffic differ greatly between the absence and the presence of an LDoS attack. For this reason, a "distance" measure is introduced. On this basis, an LDoS attack detection method based on chi-square distance is proposed, and the corresponding detection algorithm is given. The parameters that affect the accuracy of the detection results are discussed in detail. Finally, the effectiveness of the method is demonstrated by simulation experiments. Based on an analysis of how the distribution patterns of effective TCP traffic differ across various cases, the distribution characteristics of effective TCP traffic under those circumstances are summarized, and an LDoS attack detection method based on AEWMA (Adaptive Exponentially Weighted Moving Average) is proposed. The related parameters involved in the criterion are discussed in depth. Finally, the effectiveness of the method is demonstrated by simulation experiments.
By analyzing the shortcomings of the above two independent methods, it is found that the two methods are highly complementary. For this reason, a comprehensive LDoS attack detection method is constructed by fusing the two methods. The simulation results show that, compared with the two original independent methods, the proposed integrated detection method has a lower false alarm rate as well as better detection accuracy.
[Degree-granting institution]: Huazhong University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article number: 2302718
Article link: http://sikaile.net/guanlilunwen/ydhl/2302718.html