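School of Electronic Information and Automation, Civil Aviation University of China, Tianjin 300300
WU Zhi-jun (born 1965), male, from Gushi, Henan; Ph.D.; professor and doctoral supervisor at Civil Aviation University of China. Main research interest: cyberspace security.
ZHANG Jing-an (born 1989), male, from Linyi, Shandong; master's student at Civil Aviation University of China. Main research interests: information security and intrusion detection for denial-of-service attacks.
YUE Meng (born 1984), male, from Cangzhou, Hebei; lecturer at Civil Aviation University of China. Main research interests: information security, cloud computing, and intrusion detection for denial-of-service attacks.
ZHANG Cai-feng (born 1991), male, from Jinan, Shandong; master's student at Civil Aviation University of China. Main research interests: information security and intrusion detection for denial-of-service attacks.
Published online: 2017-05
Published in print: 2017-05-25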
Zhi-jun WU, Jing-an ZHANG, Meng YUE, et al. Approach of detecting low-rate DoS attack based on combined features[J]. Journal on Communications, 2017, 38(5): 19-30. DOI: 10.11959/j.issn.1000-436x.2017075.
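The low-rate denial of service (LDoS) attack is a kind of reduction of quality (RoQ) attack characterized by a low average rate and strong concealment, and it is one of the greatest security threats facing cloud computing platforms and big data centers. Three intrinsic features of LDoS attack traffic are extracted, an LDoS attack classifier based on a BP neural network is built, and an LDoS attack detection method based on combined features is proposed. The method combines the three intrinsic features of LDoS attacks into a joint feature that serves as the input to the BP neural network, and detects LDoS attacks by means of a preset decision indicator. Using a dedicated LDoS attack traffic generation tool, the detection algorithm was tested and verified on the NS2 simulation platform and in a test-bed network environment; the experimental results show that the detection rate obtained through hypothesis testing is 96.68%. Comparison with existing research shows that LDoS attack detection based on combined features outperforms detection based on a single feature and has high computational efficiency.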
The LDoS (low-rate denial of service) attack is a kind of RoQ (reduction of quality) attack that has the characteristics of a low average rate and strong concealment. These characteristics pose great threats to the security of cloud computing platforms and big data centers. Based on network traffic analysis, three intrinsic characteristics of LDoS attack flows were extracted to form the set of inputs to a BP neural network, which serves as a classifier for LDoS attack detection. Hence, an approach for detecting LDoS attacks was proposed based on a novel combined feature value. The proposed approach can speedily and accurately model LDoS attack flows through the efficient self-organizing learning process of the BP neural network, in which a proper decision-making indicator is set at the output to detect LDoS attacks accurately. The proposed detection approach was tested on the NS2 platform and verified in a test-bed network environment by using the Linux TCP-kernel source code, which is a widely accepted LDoS attack generation tool. The detection probability derived from hypothesis testing is 96.68%. Compared with available research, the analysis results show that detection with combined features performs better than detection with a single feature and has high computational efficiency.