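School of Electronic Information and Automation, Civil Aviation University of China, Tianjin 300300
Zhijun WU (1965-), male, born in Korla, Xinjiang; Ph.D., professor and doctoral supervisor at Civil Aviation University of China. His main research interest is cyberspace security.
Qingbo PAN (1992-), male, born in Taiyuan, Shanxi; master's student at Civil Aviation University of China. His main research interests are network information security and the detection of low-rate denial of service attacks.
Meng YUE (1984-), male, born in Cangzhou, Hebei; Ph.D., lecturer at Civil Aviation University of China. His main research interests are information security, cloud computing and the detection of low-rate denial of service attacks.
Online publication date: 2018-07
Print publication date: 2018-07-25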
Zhijun WU, Qingbo PAN, Meng YUE. Detection method of LDoS attack based on ACK serial number step-length[J]. Journal on communications, 2018, 39(7): 139-147. DOI: 10.11959/j.issn.1000-436x.2018126.
Low-rate denial of service (LDoS) attacks are highly covert and pose a potential security threat to big data centers and cloud computing platforms. Building on a study of how network traffic changes during an LDoS attack, the ACK packets returned by the data receiver to the sender are analyzed statistically, revealing that the step length of their sequence numbers fluctuates during an LDoS attack. Permutation entropy is used to extract this feature, and an LDoS attack detection method based on the permutation entropy of the ACK sequence number step length is proposed. The method collects the ACK packets received at the sender, samples their sequence numbers and calculates the step length; the permutation entropy algorithm, which is highly sensitive to time, is then used to detect the moment at which the step length changes abruptly, thereby detecting the LDoS attack. A test-bed was designed and built in a real network environment to verify the proposed method. Experimental results show that the proposed method has good detection performance and achieves a good detection effect.
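The pipeline the abstract describes (sample ACK numbers at the sender, take step lengths, score each window with permutation entropy) can be sketched as follows. This is an added example, not the authors' code: the embedding dimension `m`, delay `tau`, window size, threshold and the constructed trace are all assumptions and would need calibrating on attack-free traffic.

```python
import math
from collections import Counter
from itertools import accumulate

MOD = 2**32  # TCP sequence/ACK numbers wrap at 2^32

def ack_steps(acks):
    """Step length between consecutive sampled ACK numbers, wrap-safe."""
    return [(b - a) % MOD for a, b in zip(acks, acks[1:])]

def permutation_entropy(series, m=3, tau=1):
    """Normalized permutation entropy in [0, 1]; m and tau are assumed values."""
    n = len(series) - (m - 1) * tau
    if n <= 0:
        raise ValueError("series shorter than one embedding vector")
    counts = Counter()
    for i in range(n):
        vec = [series[i + j * tau] for j in range(m)]
        # Ordinal pattern; equal values (e.g. stalled ACKs) are ordered by position.
        counts[tuple(sorted(range(m), key=lambda k: (vec[k], k)))] += 1
    h = -sum(c / n * math.log(c / n) for c in counts.values())
    return h / math.log(math.factorial(m))

def flag_windows(acks, win=20, threshold=0.4):
    """Indices of non-overlapping step windows whose entropy exceeds threshold."""
    steps = ack_steps(acks)
    return [w for w in range(len(steps) // win)
            if permutation_entropy(steps[w * win:(w + 1) * win]) > threshold]

# Constructed sample (not measured data): bytes ACKed per sampling interval.
MSS = 1460
GROWTH = [MSS * k for k in range(10, 30)]        # steady window growth
HALVING = [MSS * k for k in range(10, 20)] * 2   # one ordinary AIMD back-off
PULSED = [0, 0, MSS, 2 * MSS, 0] * 4             # repeated stalls and restarts
STEPS = GROWTH + HALVING + PULSED + GROWTH
# Start close to 2^32 so the sampled ACK numbers wrap around mid-trace.
ACKS = [(4294000000 + s) % MOD for s in accumulate([0] + STEPS)]

if __name__ == "__main__":
    steps = ack_steps(ACKS)
    for w in range(4):
        print(w, round(permutation_entropy(steps[w * 20:(w + 1) * 20]), 3))
    print("flagged windows:", flag_windows(ACKS))
```

Permutation entropy looks only at the ordering of values, not their size, so a single ordinary back-off scores low here while repeated stalls raise the score; small jitter on otherwise steady steps would also raise it, which is why the threshold has to be set from a baseline.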