Abstract
DoS attack detection is an important topic in intrusion detection systems. Addressing this pressing problem, this paper combines data mining, fractal techniques and traffic classification: it analyses the shortcomings of existing network-based DoS detection methods and proposes an entropy-based attribute classification mining method together with a fractal-dimension-based DoS detection algorithm, FDD-DoS. FDD-DoS has a training phase and a detection phase. In the training phase, the traffic arriving at the server is captured and the fractal dimension and deviation threshold of the classified traffic are computed. In the detection phase, FDD-DoS computes the fractal dimension of the traffic in real time; if the deviation is smaller than the threshold obtained in training, the stored fractal dimension is updated (a learning and evolution step), otherwise a DoS attack is declared. FDD-DoS was tested for eight consecutive weeks on the real network cs.scu.edu.cn; using the training results and simulating DoS attacks, the experiments show that the algorithm detects DoS attacks effectively.
Detecting DoS attacks is an important issue in IDS. Because network traffic is non-stationary, the accuracy of existing methods is poor. To solve this problem, borrowing ideas from data mining and fractal mathematics, this article makes the following contributions: 1) it analyses the flaws of existing methods; 2) it puts forward a new fractal-based algorithm, FDD-DoS, that detects DoS attacks from a classification of the web server's traffic. The algorithm has two phases. In the learning phase, FDD-DoS records the access characteristics of normal users and then computes the correlation fractal dimension and a threshold. In the detection phase, FDD-DoS computes the correlation fractal dimension in real time; if the difference between the learned and the currently measured correlation fractal dimension is less than the threshold, FDD-DoS updates the stored correlation fractal dimension (evolving through self-learning), otherwise it reports a DoS attack. 3) It implements the FDD-DoS system on Linux and tests it in a real environment. Eight weeks of experimental results show that the correlation fractal dimension and the threshold are very stable. When a DoS attack with bursts of packets was simulated in the real environment cs.scu.edu.cn, the web server and all connections kept working normally.
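The two-phase scheme described in both abstracts (train: fix a baseline correlation fractal dimension and a deviation threshold from classified traffic; detect: recompute the dimension per window, learn if the deviation is below the threshold, alarm otherwise) is compact enough to show end to end. The block below is an added example written for this page; it is not the paper's FDD-DoS implementation and the paper's abstract does not give its parameters. Everything numeric here is an assumption: the dimension is estimated with the Grassberger-Procaccia correlation integral on a delay embedding (m = 2, tau = 1), radii are fixed in training as multiples of the training traffic's standard deviation, the threshold is twice the largest training deviation (with a small floor), the baseline follows accepted windows with a learning rate of 0.1, and the "normal" and "flood" windows are constructed requests-per-second series, not captured traffic.

```python
"""Toy FDD-DoS-style detector (added example, not the paper's code).

A traffic window is a list of per-second request counts. Its correlation
fractal dimension is estimated with the Grassberger-Procaccia method on a
delay embedding; training fixes the radii, a baseline dimension and a
deviation threshold; detection learns or alarms per window.
"""
import math
import random
from typing import List, Sequence, Tuple

# All parameters are assumptions for this example; the abstract gives none.
EMBED_DIM = 2                                  # delay-embedding dimension m
DELAY = 1                                      # delay tau, in samples
RADIUS_FACTORS = (0.2, 0.3, 0.45, 0.65, 0.9)   # radii as multiples of training std
SAFETY_FACTOR = 2.0                            # threshold = factor * largest training deviation
MIN_THRESHOLD = 0.05                           # floor so identical training windows do not yield 0
LEARN_RATE = 0.1                               # how fast the baseline follows accepted windows


def embed(series: Sequence[float], m: int = EMBED_DIM, tau: int = DELAY) -> List[Tuple[float, ...]]:
    """Delay-embed a scalar series into m-dimensional points (x_i, x_{i+tau}, ...)."""
    n = len(series) - (m - 1) * tau
    if n < 2:
        raise ValueError("series too short for the chosen embedding")
    return [tuple(series[i + k * tau] for k in range(m)) for i in range(n)]


def pairwise_distances(points: Sequence[Tuple[float, ...]]) -> List[float]:
    """Euclidean distances of all unordered pairs; O(n^2), fine for a few hundred samples."""
    return [math.dist(points[i], points[j])
            for i in range(len(points)) for j in range(i + 1, len(points))]


def correlation_dimension(series: Sequence[float], radii: Sequence[float]) -> float:
    """Grassberger-Procaccia estimate: least-squares slope of log C(r) vs log r,
    where C(r) is the fraction of point pairs closer than r."""
    dists = pairwise_distances(embed(series))
    total = len(dists)
    xs, ys = [], []
    for r in radii:
        c = sum(1 for d in dists if d < r) / total
        if c > 0.0:                      # log C is undefined when no pair lies within r
            xs.append(math.log(r))
            ys.append(math.log(c))
    if len(xs) < 2:
        # No scaling region: the points sit farther apart than every radius,
        # i.e. the traffic scale is far outside training. Report dimension 0.
        return 0.0
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx                     # a flood collapses all pairs inside r: C(r) = 1, slope 0


def _std(values: Sequence[float]) -> float:
    mean = sum(values) / len(values)
    return math.sqrt(sum((v - mean) ** 2 for v in values) / len(values))


class FractalDoSDetector:
    """Two-phase detector modelled on the FDD-DoS description (toy, not the paper's code)."""

    def __init__(self) -> None:
        self.radii: List[float] = []
        self.baseline = 0.0
        self.threshold = 0.0

    def train(self, windows: Sequence[Sequence[float]]) -> Tuple[float, float]:
        """Training phase: radii from the traffic scale, then baseline and deviation threshold."""
        pooled = [v for w in windows for v in w]
        scale = _std(pooled)
        if scale == 0.0:
            raise ValueError("training traffic has no variation")
        self.radii = [scale * f for f in RADIUS_FACTORS]
        dims = [correlation_dimension(w, self.radii) for w in windows]
        self.baseline = sum(dims) / len(dims)
        max_dev = max(abs(d - self.baseline) for d in dims)
        self.threshold = max(SAFETY_FACTOR * max_dev, MIN_THRESHOLD)
        return self.baseline, self.threshold

    def detect(self, window: Sequence[float]) -> Tuple[bool, float]:
        """Detection phase: (attack_flag, dimension). Deviation below threshold -> learn."""
        dim = correlation_dimension(window, self.radii)
        if abs(dim - self.baseline) < self.threshold:
            self.baseline += LEARN_RATE * (dim - self.baseline)   # learning / evolution step
            return False, dim
        return True, dim


def normal_window(rng: random.Random, length: int = 200) -> List[int]:
    """Constructed 'normal' web traffic: 20 to 80 requests per second."""
    return [rng.randint(20, 80) for _ in range(length)]


def flood_window(rng: random.Random, length: int = 200) -> List[int]:
    """Constructed flood: ~4000 requests per second with almost no variation."""
    return [4000 + rng.randint(0, 1) for _ in range(length)]


def demo() -> Tuple[float, float, bool, bool]:
    rng = random.Random(2004)
    training = [normal_window(rng) for _ in range(6)]
    det = FractalDoSDetector()
    baseline, threshold = det.train(training)
    replay_alarm, _ = det.detect(training[0])        # traffic like the training set: learn, no alarm
    flood_alarm, _ = det.detect(flood_window(rng))   # flood: dimension collapses to 0, alarm
    return baseline, threshold, replay_alarm, flood_alarm


if __name__ == "__main__":
    b, t, ra, fa = demo()
    print(f"baseline {b:.3f} threshold {t:.3f} replay alarm {ra} flood alarm {fa}")
```

Two checks worth keeping in mind when adapting this: fix the radii in training rather than per window, otherwise a flood rescales its own radii and can look as "structured" as normal traffic; and a window whose points all lie beyond every radius also yields dimension 0 and alarms, which is the right outcome for traffic far outside the training scale but should be logged distinctly from a genuine collapse.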
Source
《四川大学学报(工程科学版)》
Indexed in: EI, CAS, CSCD
2004, No. 6, pp. 87-92 (6 pages)
Journal of Sichuan University (Engineering Science Edition)
Funding
Specialized Research Fund for the Doctoral Program of Higher Education, Ministry of Education (20020610007)
National Natural Science Foundation of China (60473071)
Keywords
DoS attack
Fractal dimension
Data mining
Classification
Algorithms
Classification (of information)
Data mining
Fractals
Real time systems