
Detection method against SYN Flooding attacks based on source end by analysis of time series

Cited by: 2
Abstract: This paper proposes a method for detecting SYN Flooding attacks from the source end based on time series analysis. The method detects and predicts network traffic at the source end in order to judge whether a SYN Flooding attack is occurring, giving the victim end a basis for responding in time. Exploiting the self-similarity of attack traffic, it uses a Bloom Filter to extract characteristic information from the data flow, constructs a time series of network traffic, and builds an auto-regressive (AR) forecasting model. It then forecasts network traffic dynamically and compares the forecast with a set threshold to raise an early warning, so that a response can be made in advance. Simulation results show that the method accurately counts the occurrences of packets and of packets with new source IP addresses in the network, achieves a good detection rate and a low false-alarm rate, and can predict network traffic fairly accurately for the next time period or even several time periods, providing strong data support for effective defense against SYN Flooding attacks.
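Authors: 王朝辉, 苏旸
Source: 《计算机应用研究》 (Application Research of Computers), indexed in CSCD and the Peking University Core Journals list, 2012, No. 6, pp. 2249-2252 (4 pages)
Funding: Natural Science Foundation of Shaanxi Province (2010JM8034); Engineering University of the Armed Police Force Foundation (wjy201027)
Keywords: time series; Bloom Filter; auto-regressive model; SYN Flooding; source end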