一种DDoS攻击的检测算法

doi:10.3969/j.issn.1000-0801.2010.09.027

摘要/Abstract

摘要：

对于骨干网中存在的DDoS攻击，由于背景流量巨大，且分布式指向受害者的多个攻击流尚未汇聚，因此难以进行有效的检测。为了解决该问题，本文提出一种基于全局流量异常相关分析的检测方法，根据攻击流引起流量之间相关性的变化，采用主成份分析提取多条流量中的潜在异常部分之间的相关性，并将相关性变化程度作为攻击检测测度。实验结果证明了测度的可用性，能够克服骨干网中DDoS攻击流幅值相对低且不易检测的困难，同现有的全局流量检测方法相比，该方法能够取得更高的检测率。

关键词: 网络安全, DDoS攻击, 全局, 相关性分析, 主成份分析

Abstract:

DDoS attack is hard to detect in backbone network,for the reason that attack flows are distributed in multiple links and prone to be masked by tremendous amounts of background traffic.To solve this problem,a detection method based on global abnormal correlation analysis is proposed.The change of correlation between traffic caused by attack flows is exploited for attack detection,the correlation between potentially anomalous traffic is extracted by principle component analysis,and its change degree is used as an indicator of attack.Evaluation shows its effectiveness and proves that it overcomes the difficulties in detecting relatively low volume of DDoS attack transiting in backbone network.Comparing with existing network-wide detection method,it achieves higher detection rate.

Key words: network security, DDoS attack,global, correlation analysis, principle component analysis

杨松,李宗林. 一种DDoS攻击的检测算法[J]. 电信科学, 2010, 26(9): 106-110.

Song Yang,Zonglin Li. DDoS Attack Detection Algorithm[J]. Telecommunications Science, 2010, 26(9): 106-110.

图/表 5

参考文献 11

1	SekarV , DuffieldN G , SpatscheckO ,et al. LADS:large-scale automated DDoS detection system.In: USENIX06, Boston USA, June2006
2	ChenY , HwangK , KuW . Collaborative detection DDoS attacks over multiple network networks. EEE Transaction on Parallel and Distributed Systems, 2007,18（12）
3	LakhinaA , CrovellaM , DiotC . Characterization of network-wide anomalies in traffic flows.In: CM Internet Measurement Conference（IMC）ˊ04, Taormina Sicily Italy, October2004
4	LakhinaA , CrovellaM , DiotC . Diagnosing network-wide traffic anomalies.SIGCOMM. 2004(8)
5	LakhinaA , CrovellaM , DiotC . Mining anomalies using traffic feature distributions.SIGCOMM. 2005(8)
6	LakhinaA , CrovellaM , DiotC . Detecting distributed attacks using network-wide flow traffic.In: FloCon 2005 Analysis Workshop, Pittsburgh, September2005
7	LiX , BianF,M , Crovella DiotC ,et al. Detection and identification of network anomalies using sketch subspaces.In: ACM Internet Measurement Conference, Wisconsin USA, October2006
8	HuangY , FeamsterN , LakhinaA ,et al. Diagnosing network disruptions with network-wide analysis.In: SIGMETRICS, San Diego USA, June2007
9	PapagiannakiK , TaftN , ZhangZ L ,et al. Long-term forecasting of internet backbone traffic:observations and initial models. INFOCOM 2003,312（3）: 1178～1188
10	BoxG E , JenkinsG M . Time series analysis:forecasting and control. San Francisco:Holden Day, 1976
11

[1]	周胜利, 蒋可怡, 徐博, 徐睿, 张熙康, 赵泉喆, 徐阳东. 面向电信网络诈骗治理的网络安全课程构建效能评估研究[J]. 电信科学, 2023, 39(6): 122-128.
[2]	王晓云, 邓伟, 张龙, 孙奇. 多域协同的TDD大规模组网方法研究[J]. 电信科学, 2023, 39(4): 43-51.
[3]	张乐, 马洪源. 运营商网络边缘云安全实践[J]. 电信科学, 2023, 39(4): 165-172.
[4]	陈伟雄, 杨晓晨, 春增军, 李若兰, 张华. 电力企业网络安全威胁情报管理体系的研究与实践[J]. 电信科学, 2022, 38(7): 184-189.
[5]	刘亚天, 呼博文, 陈茂飞, 刘东鑫. 5GC安全态势感知系统研究[J]. 电信科学, 2022, 38(11): 73-85.
[6]	顾玥, 李丹, 高凯辉. 基于机器学习和深度学习的网络流量分类研究[J]. 电信科学, 2021, 37(3): 105-113.
[7]	高明,罗锦,周慧颖,焦海,应丽莉. 一种基于拟态防御的差异化反馈调度判决算法[J]. 电信科学, 2020, 36(5): 73-82.
[8]	李玉峰,陆肖元,曹晨红,李江涛,朱泓艺,孟楠. 智能网联汽车网络安全浅析[J]. 电信科学, 2020, 36(4): 36-45.
[9]	杨志强,粟栗,齐旻鹏,杨波. 5G安全技术与标准[J]. 电信科学, 2020, 36(12): 1-19.
[10]	何国锋. 零信任架构在5G云网中应用防护的研究[J]. 电信科学, 2020, 36(12): 123-132.
[11]	谢萍,刘孝颂. 基于区块链的SDN物联网部署安全[J]. 电信科学, 2020, 36(12): 139-146.
[12]	肖芫莹,游耀东,向黎希. 代码审计系统的误报率成因和优化[J]. 电信科学, 2020, 36(12): 155-162.
[13]	余航,王帅,金华敏. 基于RASP的Web安全检测方法[J]. 电信科学, 2020, 36(11): 113-120.
[14]	王俊文. 未来工业互联网发展的技术需求[J]. 电信科学, 2019, 35(8): 26-38.
[15]	李聪, 雷波, 解冲锋, 李云鹤. 基于区块链技术的可信网络[J]. 电信科学, 2019, 35(10): 60-68.