Journal on Communications ›› 2017, Vol. 38 ›› Issue (5): 19-30. doi: 10.11959/j.issn.1000-436x.2017075
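Zhi-jun WU, Jing-an ZHANG, Meng YUE, Cai-feng ZHANG
Revised: 2017-02-17
Online: 2017-05-01
Published: 2017-05-28
About the authors:
Zhi-jun WU (born 1965), male, from Gushi, Henan; Ph.D.; professor and doctoral supervisor at Civil Aviation University of China; main research interest: cyberspace security. | Jing-an ZHANG (born 1989), male, from Linyi, Shandong; master's student at Civil Aviation University of China; main research interests: information security and intrusion detection of denial-of-service attacks. | Meng YUE (born 1984), male, from Cangzhou, Hebei; lecturer at Civil Aviation University of China; main research interests: information security, cloud computing, and intrusion detection of denial-of-service attacks. | Cai-feng ZHANG (born 1991), male, from Jinan, Shandong; master's student at Civil Aviation University of China; main research interests: information security and intrusion detection of denial-of-service attacks.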
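Abstract:
The low-rate denial of service (LDoS) attack is a type of reduction of quality (RoQ) attack, characterized by a low average rate and strong concealment, and it is one of the biggest security threats facing cloud computing platforms and big data centers. Three intrinsic features of LDoS attack traffic were extracted, an LDoS attack classifier based on a BP neural network was built, and an LDoS attack detection method based on combined features was proposed. The method combines the three intrinsic features of LDoS attacks into a joint feature that serves as the input of the BP neural network, and detects LDoS attacks by means of a preset decision indicator. Using a dedicated tool for generating LDoS attack traffic, the detection algorithm was tested and verified on the NS2 simulation platform and in a test-bed network environment. The experimental results show that the detection rate obtained through hypothesis testing is 96.68%. Comparison with existing research results shows that LDoS attack detection based on combined features performs better than detection based on a single feature, and has high computational efficiency.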
Zhi-jun WU, Jing-an ZHANG, Meng YUE, Cai-feng ZHANG. Approach of detecting low-rate DoS attack based on combined features[J]. Journal on Communications, 2017, 38(5): 19-30.