Abstract
A novel method that uses ant clustering to detect application-layer Distributed Denial of Service (DDoS) attacks is presented. Based on the differences between the browsing behavior of legitimate users and that of attackers, user sessions are extracted from the web logs of legitimate users and the similarities between different sessions are calculated. An improved ant clustering algorithm is then employed to build the detection model adaptively, and this model is used to determine whether sessions under inspection are DDoS attacks. The experimental results show that the method detects attacks effectively and adapts well.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journal (北大核心)
2011, Issue 14, pp. 99-102 (4 pages)
Funding
National Natural Science Foundation of China, No. NSFC90718032
Keywords
application layer denial of service attack
browsing behavior
ant clustering algorithm
anomaly detection