基于信號互相關(guān)的LDoS攻擊檢測方法
發(fā)布時間:2019-06-29 12:37
【摘要】:LDoS(Low-Rate Denial of Service)攻擊利用TCP擁塞控制協(xié)議的缺陷,向受害者發(fā)送高強度的短時周期脈沖流量。系統(tǒng)狀態(tài)不斷的在穩(wěn)定與不穩(wěn)定的狀態(tài)間切換,導致網(wǎng)絡(luò)的傳輸性能下降,以到達攻擊目的。LDoS攻擊的平均攻擊流量很小完全隱藏在正常流量中,因此,從背景流量中檢測LDoS攻擊十分困難。分布式的低速率拒絕服務LDDoS(Low-rate Distributed DoS)攻擊是由大量的LDoS攻擊小脈沖形成較大的攻擊脈沖。這小脈沖能隱藏在正常流量中。所有的分布式小脈沖通過不同的傳輸通道在特定的位置在精確的時間組成LDDoS攻擊脈沖。因此,這些分布式的攻擊脈沖之間有一定的相關(guān)性,每個攻擊脈沖具有嚴格的時序關(guān)系。本文針對分布式LDoS攻擊脈沖到達目標端的時序關(guān)系,提出了基于信號互相關(guān)的LDoS攻擊檢測方法。該方法通過計算構(gòu)造的檢測序列與采樣得到的網(wǎng)絡(luò)流量序列的相關(guān)性,得到相關(guān)序列,采用基于循環(huán)卷積的互相關(guān)算法來計算攻擊脈沖經(jīng)過不同傳輸通道在特定的攻擊目標端的精確時間,利用無周期單脈沖預測技術(shù)估計LDoS攻擊的周期參數(shù),提取LDoS攻擊的脈沖在時域上的相關(guān)性特征,并設(shè)計判決門限規(guī)則,進行了實驗。實驗結(jié)果表明基于信號互相關(guān)的LDoS攻擊檢測方法具有較好的檢測性能。
[Abstract]:LDoS (Low-Rate Denial of Service) attack) takes advantage of the defects of TCP congestion control protocol to send high intensity short-term periodic pulse traffic to victims. The system state is constantly switching between stable and unstable states, which leads to the decline of network transmission performance in order to achieve the purpose of attack. The average attack traffic of LDOs attack is very small and completely hidden in the normal traffic, so it is very difficult to detect LDoS attack from background traffic. Distributed low rate denial of service LDDoS (Low-rate Distributed DoS) attack is a large number of LDoS attack small pulse to form a large attack pulse. This small pulse can be hidden in normal traffic. All distributed small pulse forms LDDoS attack pulse at a specific position at a specific time through different transmission channels. Therefore, there is a certain correlation between these distributed attack impulses, and each attack pulse has a strict timing relationship. Aiming at the timing relation of distributed LDoS attack pulse arriving at the target end, a LDoS attack detection method based on signal cross-correlation is proposed in this paper. By calculating the correlation between the constructed detection sequence and the sampled network traffic sequence, the correlation sequence is obtained. The exact time of the attack pulse passing through different transmission channels at the specific target end is calculated by using the cross-correlation algorithm based on cyclic convolution. The periodic parameters of the LDoS attack are estimated by using the aperiodic monopulse prediction technique, and the correlation characteristics of the LDoS attack pulse in the time domain are extracted. The decision threshold rule is designed and the experiment is carried out. The experimental results show that the LDoS attack detection method based on signal cross-correlation has good detection performance.
【學位授予單位】:中國民航大學
【學位級別】:碩士
【學位授予年份】:2014
【分類號】:TP393.08
本文編號:2507824
[Abstract]:LDoS (Low-Rate Denial of Service) attack) takes advantage of the defects of TCP congestion control protocol to send high intensity short-term periodic pulse traffic to victims. The system state is constantly switching between stable and unstable states, which leads to the decline of network transmission performance in order to achieve the purpose of attack. The average attack traffic of LDOs attack is very small and completely hidden in the normal traffic, so it is very difficult to detect LDoS attack from background traffic. Distributed low rate denial of service LDDoS (Low-rate Distributed DoS) attack is a large number of LDoS attack small pulse to form a large attack pulse. This small pulse can be hidden in normal traffic. All distributed small pulse forms LDDoS attack pulse at a specific position at a specific time through different transmission channels. Therefore, there is a certain correlation between these distributed attack impulses, and each attack pulse has a strict timing relationship. Aiming at the timing relation of distributed LDoS attack pulse arriving at the target end, a LDoS attack detection method based on signal cross-correlation is proposed in this paper. By calculating the correlation between the constructed detection sequence and the sampled network traffic sequence, the correlation sequence is obtained. The exact time of the attack pulse passing through different transmission channels at the specific target end is calculated by using the cross-correlation algorithm based on cyclic convolution. The periodic parameters of the LDoS attack are estimated by using the aperiodic monopulse prediction technique, and the correlation characteristics of the LDoS attack pulse in the time domain are extracted. The decision threshold rule is designed and the experiment is carried out. The experimental results show that the LDoS attack detection method based on signal cross-correlation has good detection performance.
【學位授予單位】:中國民航大學
【學位級別】:碩士
【學位授予年份】:2014
【分類號】:TP393.08
【參考文獻】
相關(guān)期刊論文 前10條
1 吳志軍;曾化龍;岳猛;;基于時間窗統(tǒng)計的LDoS攻擊檢測方法的研究[J];通信學報;2010年12期
2 馮江;劉淵;;基于熵參數(shù)的DDoS攻擊檢測算法研究[J];計算機工程與設(shè)計;2009年21期
3 孫長華;劉斌;;分布式拒絕服務攻擊研究新進展綜述[J];電子學報;2009年07期
4 何炎祥;曹強;劉陶;韓奕;熊琦;;一種基于小波特征提取的低速率DoS檢測方法[J];軟件學報;2009年04期
5 劉暢;薛質(zhì);施勇;;基于快速重傳/恢復的低速拒絕服務攻擊[J];信息安全與通信保密;2008年12期
6 汪華斌;劉衛(wèi)國;;基于NS2的RED和BLUE算法仿真及結(jié)果分析[J];計算機與現(xiàn)代化;2008年11期
7 吳志軍;岳猛;;基于卡爾曼濾波的LDDoS攻擊檢測方法[J];電子學報;2008年08期
8 吳志軍;岳猛;;低速率拒絕服務LDoS攻擊性能的研究[J];通信學報;2008年06期
9 魏蔚;董亞波;魯東明;金光;;低速率TCP拒絕服務攻擊的檢測響應機制[J];浙江大學學報(工學版);2008年05期
10 何炎祥;劉陶;曹強;熊琦;韓奕;;低速率拒絕服務攻擊研究綜述[J];計算機科學與探索;2008年01期
,本文編號:2507824
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2507824.html
最近更新
教材專著
