Abstract
Among DDoS (Distributed Denial of Service) attack detection methods, the approach based on the self-similarity of network traffic is an anomaly detection method: it is sensitive to changes in network traffic and has a relatively high detection rate, but it also has a relatively high false alarm rate. This paper analyses the traditional self-similarity method and the events in a network that may cause traffic anomalies, and on that basis proposes an improved detection algorithm, WAIE. WAIE uses wavelet analysis to calculate the Hurst index of network traffic and introduces information entropy from information theory to measure the dispersion of source IP addresses. It sets its thresholds adaptively, according to the variation of the Hurst index and the entropy value in the initial stage, to detect the occurrence of attacks. Experiments were carried out on the dataset released by MIT Lincoln Laboratory and on a dataset collected in a laboratory environment; the results show that the algorithm can accurately detect the occurrence of attacks.
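The two indicators named in the abstract, sketched as an added example that is not code from the paper: Shannon entropy of source addresses per window, a wavelet estimate of the Hurst index, and thresholds learned from the initial windows. The Haar wavelet, the mean ± k standard deviations band, the rule that both indicators must leave their band, and all function names and sample values are assumptions, since the abstract does not specify them.

```python
import math
import random
from collections import Counter
from statistics import mean, pstdev

def source_ip_entropy(src_ips):
    """Shannon entropy (bits) of the source-address distribution in one window."""
    total = len(src_ips)
    return -sum(c / total * math.log2(c / total) for c in Counter(src_ips).values())

def hurst_haar(series, min_coeffs=16):
    """Wavelet (Haar) estimate of H: regress log2 detail energy on the octave j."""
    approx, octaves, log_energy = list(series), [], []
    while len(approx) // 2 >= min_coeffs:
        pairs = list(zip(approx[0::2], approx[1::2]))
        detail = [(a - b) / math.sqrt(2) for a, b in pairs]
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
        octaves.append(len(octaves) + 1)
        log_energy.append(math.log2(max(mean(d * d for d in detail), 1e-12)))
    if len(octaves) < 2:
        raise ValueError("series too short for a slope estimate")
    mj, me = mean(octaves), mean(log_energy)
    slope = (sum((j - mj) * (e - me) for j, e in zip(octaves, log_energy))
             / sum((j - mj) ** 2 for j in octaves))
    return (slope + 1) / 2  # stationary long-range-dependent model: slope = 2H - 1

def adaptive_band(initial, k=3.0):
    """Assumed threshold rule: mean +/- k standard deviations of the initial stage."""
    m, s = mean(initial), max(pstdev(initial), 1e-9)
    return m - k * s, m + k * s

def joint_alarms(hurst_values, entropy_values, n_init=5, k=3.0):
    """Indices after the initial stage where BOTH indicators leave their band (assumed rule)."""
    h_lo, h_hi = adaptive_band(hurst_values[:n_init], k)
    e_lo, e_hi = adaptive_band(entropy_values[:n_init], k)
    return [i for i in range(n_init, len(hurst_values))
            if not h_lo <= hurst_values[i] <= h_hi
            and not e_lo <= entropy_values[i] <= e_hi]

if __name__ == "__main__":
    # Constructed per-window indicator values, not data from the paper.
    hurst = [0.70, 0.72, 0.71, 0.69, 0.70, 0.71, 0.93, 0.95, 0.70]
    entropy = [4.00, 4.10, 3.90, 4.00, 4.05, 4.00, 4.02, 6.50, 6.40]
    print(joint_alarms(hurst, entropy))
    rng = random.Random(1)  # seeded white noise: H should come out near 0.5
    print(round(hurst_haar([rng.gauss(0, 1) for _ in range(4096)]), 2))
```

In the constructed series, window 6 shows a Hurst shift with unchanged source entropy and is not flagged, which is the kind of false alarm a self-similarity check alone would raise.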
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
Peking University Core Journals (北大核心)
2013, Issue 6, pp. 307-311 (5 pages)