摘要
考虑到统计数学模型具有主观偏差小,考察问题相对全面的优势,作者利用一个统计数学模型研究一种网络阻塞攻击防御方法,以提升攻击检测能力,降低网络拥塞率。首先针对网络流量奇异性特征统计的网络阻塞攻击检测方法,利用小波变换重构受害端的网络流量,经过高斯小波与信号的卷积运算,获取时域的网络流量信号奇异特征,并以此为基础选择检测时间窗口,计算检测窗口的均值与标准差,从而完成网络阻塞攻击的数据检测。其次,通过基于流量的网络阻塞攻击防御方法,流量限制方式为黑名单IP防御以及非频繁域名请求,完成网络阻塞攻击防御。最后,基于以上方法的实验结果说明:将距离判断门限设置为0.3,检测率、虚警率、漏警率分别为95.93%、2.12%、2.69%,网络阻塞攻击检测能力较强;该方法使用后不同类型攻击下网络拥塞率始终低于10%。
Considering the subjective deviation of statistical mathematical model has small and has relatively comprehensive advantages in examining questions,this paper uses a statistical mathematical model to study a method of network defense blocking attack so as to enhance the detection ability and to reduce the network congestion.Firstly,through aiming at the network blocking attack detection method of network traffic singularity statistics,reconstructing network traffic at the victim end by wavelet transform,calculating the mean and standard deviation of the detection window,the singular characteristics of network flow signal in time domain are obtained.Based on this,the detection time windowis selected,and the mean value and standard deviation of the detection windoware calculated,so as to complete the data detection of network blocking attack.Secondly,based on traffic congestion attack defense,traffic limit way to blacklist IP defense as well as the frequent domain name request,network attack defense was completed.Finally,based on the above,the experimental results showthat:when the distance judgment threshold is set to 0.3,the detection rate and false alarmrate and missing alarm rate are 95.93%,2.12%and 2.69%respectively,and the network congestion rate under different types of attacks is always less than 10%after using the method.
作者
周燕茹
ZHOU Yan-ru(School of Mathematics and Statistics,Chaohu University,Chaohu 238000,China)
出处
《遵义师范学院学报》
2022年第2期94-98,共5页
Journal of Zunyi Normal University
基金
安徽省省级教学研究项目(2020jyxm1256)。
关键词
统计数学模型
网络阻塞
攻击防御
小波变换
奇异性
网络流量
statistical mathematical model
network congestion
attack defense
wavelet transform
singularity
network flow