
Detection of LDDoS Attack Based on Kalman Filtering (cited by: 15)
Abstract: The Low-rate Distributed Denial of Service (LDDoS) attack is a new class of DDoS attack that exploits TCP's Retransmission Time Out (RTO) mechanism by sending periodic pulses of attack traffic to a victim. Because its average attack rate is low, an LDDoS attack can evade traditional detection approaches. This paper proposes an approach to detecting LDDoS attacks based on Kalman filtering, in which the error between the one-step prediction and the optimal estimate is used as the detection criterion. Experiments in a simulation environment and in a real network were conducted to test detection performance, and a detection rate of about 89.6% was achieved. The results show that this approach is effective in detecting LDDoS attacks.
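Authors: 吴志军 (Wu Zhijun), 岳猛 (Yue Meng)
Source: Acta Electronica Sinica (《电子学报》), indexed in EI, CAS, CSCD and the Peking University Core list; 2008, No. 8, pp. 1590-1594 (5 pages)
Funding: Joint project of the National Natural Science Foundation of China and the General Administration of Civil Aviation of China (No. 60776808); Civil Aviation University of China Science and Technology Start-up Fund (No. 2006)
Keywords: low-rate distributed denial of service (LDDoS); retransmission time out (RTO); TCP traffic; Kalman filtering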