脉冲式拒绝服务攻击及其防御

doi:10.3969/j.issn.1000-0801.2007.09.014

摘要/Abstract

摘要：

脉冲式拒绝服务攻击是一类新型的拒绝服务攻击，与传统的泛洪式拒绝服务攻击相比，脉冲式拒绝服务攻击具有有效性和隐蔽性等特点。本文分析了脉冲式拒绝服务攻击的原理，介绍了目前已有的防御方法，并提出了一种基于流量摘要的检测方法，通过对总体流量进行检测发现异常后，再根据个体流的可疑程度对其进行过滤。

关键词: 脉冲式拒绝服务攻击, 低速TCP攻击, 流量摘要, 异常检测

Abstract:

Pulsing-based denial of service attack (PDoS attack) is a recently discovered attack that uses high narrow spikes to throttle TCP flows. Comparing with traditional flooding-based denial of service attacks, PDoS attacks are also effective but much more difficult to detect. In this paper, we analyze the frangibility of TCP congestion control mechanism and the rational of PDoS attack. We also review current detection schemes and discuss their disadvantages. Finally, we propose a new detection scheme basing on traffic digest, which can not only detect aggregative stream containing attack flow but also identify the attack flow.

Key words: PDoS attack, TCP-target attack, traffic digest, anomaly detection

陆伟宙,余顺争. 脉冲式拒绝服务攻击及其防御[J]. 电信科学, 2007, 23(9): 1-76.

Weizhou Lu,Shunzheng Yu. Pulsing-based Denial of Service Attack and Defense[J]. Telecommunications Science, 2007, 23(9): 1-76.

图/表 5

参考文献 10

1	Kuzmanovic A , Knightly E W . Low-rate TCP-targeted denial of service attacks: the shrew vs the mice and elephants. In:Proceedings of the ACM SIGCOMM 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, Karlsruhe, Germany, August2003
2	Luo X , Chang R K C . On a new class of pulsing denial-of-service attacks and the defense. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium, San Diego, California, USA, February2005
3	Chen Y , Hwang K . Collaborative detection and filtering of shrew DDoS attacks using spectral analysis. Journal of Parallel and Distributed Computing, 2006,66(9)
4	Kuzmanovic A , Knightly E W . Low-rate TCP-targeted denial of service attacks and counter strategies. IEEE/ACM Transactions on Networking, 2006,14(4)
5	Guirguis M , Bestavros A , Matta I . Exploiting the transients of adaptation for RoQ attacks on Internet resources. In:Proceedings of the 12th IEEE International Conference on Network Protocols, Berlin, Germany, October2004
6	Sun H , Lui J C S , Yau D K Y . Defending against low-rate TCP attacks: dynamic detection and protection. In:Proceedings of the 12th IEEE International Conference on Network Protocols, Berlin, Germany, October2004
7	Kwok Y K , et al. HAWK: Halting anomaly with weighted choking to rescue well-behaved TCP sessions from shrew DoS attacks. In:Proceeding of International Conference on Computer Networks and Mobile Computing 2005, Zhangjiajie, China, Aug2005
8	Luo X , et al. Vanguard: a new detection scheme for a class of TCP-targeted denial-of-service attacks. In: Proceeding of the 10th IEEE/IFIP Network Operations and Management Symposium, Vancouver, Canada, April2006
9	Sun H , Lui J C S , Yau D K Y . Distributed mechanism in detecting and defending against the low-rate TCP attack. Computer Networks: The International Journal of Computer and Telecommunications Networking, 2006,50(13)
10	Yu S Z , Kobayashi H . A hidden semi-Markov model with missing data and multiple observation sequences for mobility tracking. Signal Processing, 2003,83(2)

[1]	陈华华, 陈哲. 基于钉板分布稀疏变分自编码器的异常检测算法研究[J]. 电信科学, 2022, 38(12): 65-77.
[2]	王速, 卢华, 汪硕, 蔡磊, 黄韬. 智能运维中KPI异常检测的研究进展[J]. 电信科学, 2021, 37(5): 42-51.
[3]	陈华华, 陈哲, 郭春生, 应娜, 叶学义, 章坚武. 基于混合高斯变分自编码网络的异常检测算法[J]. 电信科学, 2021, 37(4): 54-61.
[4]	沈潇军,葛亚男,沈志豪,倪阳旦,吕明琪,翁正秋. 一种基于LSTM自动编码机的工业系统异常检测方法[J]. 电信科学, 2020, 36(7): 136-145.
[5]	吴亚萍,董红召,林盈盈,柳菁. 混沌改进鱼群算法及其在工业控制网络异常检测中的应用[J]. 电信科学, 2020, 36(3): 27-33.
[6]	谭晓敏,方艾,金铎,李长江. IPTV用户体验异常的自动化检测[J]. 电信科学, 2019, 35(7): 159-164.
[7]	李昊奇,应娜,郭春生,王金华. 基于深度信念网络和线性单分类SVM的高维异常检测[J]. 电信科学, 2018, 34(1): 34-42.
[8]	李斐,陈恳,李萌,郭春梅. 一种基于运动相似熵的人群异常行为检测[J]. 电信科学, 2017, 33(5): 90-98.
[9]	姜红红,张涛,赵新建,钱欣,赵天成,高莉莎. 基于大数据的电力信息网络流量异常检测机制[J]. 电信科学, 2017, 33(3): 134-141.
[10]	李传煌,程成,袁小雍,岑利杰,王伟明. 基于深度学习的软件定义网络应用策略冲突检测方法[J]. 电信科学, 2017, 33(11): 27-36.
[11]	张玉,戴磊. 基于heavy hitter流提取的网络异常检测优化研究[J]. 电信科学, 2010, 26(3): 46-51.
[12]	杨松,李宗林. 一种基于高聚集链路测量的网络级别OD流异常检测框架[J]. 电信科学, 2010, 26(10): 121-126.
[13]	周彬彬,崔室江,杨义先. 基于系统行为分析的异常检测技术研究[J]. 电信科学, 2009, 1(2): 59-65.
[14]	周彬彬,崔宝江,杨义先. 基于系统行为分析的异常检测技术研究[J]. 电信科学, 2009, 25(2): 59-65.