基于ACK序号步长的LDoS攻击检测方法

doi:10.11959/j.issn.1000-436x.2018126

通信学报 ›› 2018, Vol. 39 ›› Issue (7): 139-147.doi: 10.11959/j.issn.1000-436x.2018126

基于ACK序号步长的LDoS攻击检测方法

吴志军,潘卿波,岳猛

中国民航大学电子信息与自动化学院，天津 300300

修回日期:2018-05-08 出版日期:2018-07-01 发布日期:2018-08-08
作者简介:吴志军（1965-），男，新疆库尔勒人，博士，中国民航大学教授、博士生导师，主要研究方向为网络空间安全。|潘卿波（1992-），男，山西太原人，中国民航大学硕士生，主要研究方向为网络信息安全、低速率拒绝服务攻击的检测。|岳猛（1984-），男，河北沧州人，博士，中国民航大学讲师，主要研究方向为信息安全、云计算、低速率拒绝服务攻击的检测。
基金资助:
国家自然基金委员会与中国民航局联合基金资助项目(U153310);天津市自然基金重点资助项目(17JCZDJC30900)

Detection method of LDoS attack based on ACK serial number step-length

Zhijun WU,Qingbo PAN,Meng YUE

School of Electronic Information ＆Automation,Civil Aviation University of China,Tianjin 300300,China

Revised:2018-05-08 Online:2018-07-01 Published:2018-08-08
Supported by:
The Joint Foundation of National Natural Science Foundation and Civil Aviation Administration of China(U153310);The Major Program of Natural Science Foundation of Tianjin(17JCZDJC30900)

摘要/Abstract

摘要：

低速率拒绝服务（LDoS,low-rate denial of service）攻击具有极强的隐蔽性，对大数据中心和云计算平台构成潜在的安全威胁。在研究LDoS攻击期间网络流量变化的基础上，对数据接收端回传给发送端的ACK数据分组进行统计分析，揭示了其序号步长在LDoS攻击期间具有的波动特征。采用排列熵的方法提取该特征，提出了一种基于ACK序号步长排列熵的LDoS攻击检测方法。该方法通过采集发送端收到的ACK数据分组，对其序号进行采样并计算步长；再利用对时间敏感性较强的排列熵算法检测出步长突变时刻，达到检测LDoS攻击的目的。在实际网络环境中设计和搭建了测试平台并对所提方法进行了验证，实验结果表明，所提方法具有较好的检测性能，取得了较好的检测效果。

关键词: 低速率拒绝服务, ACK序号步长, 排列熵算法, 检测

Abstract:

Low-rate denial of service (LDoS) attack is a potential security threat to big data centers and cloud computing platforms because of its strong concealment.Based on the analysis of network traffic during the LDoS attack,statistical analysis was given of ACK packets returned by the data receiver to the sender,and result reveals the sequence number step had the characteristics of volatility during the LDoS attack.The permutation entropy method was adopted to extract the characteristics of volatility.Hence,an LDoS attack detection method based on ACK serial number step permutation entropy was proposed.The serial number was sampled and the step length was calculated through collecting the ACK packets that received at the end of sender.Then,the permutation entropy algorithm with strong time-sensitive was used to detect the mutation step time,and achieve the goal of detecting LDoS attack.A test-bed was designed and built in the actual network environment for the purpose of verifying the proposed approach performance.Experimental results show that the proposed approach has better detection performance and has achieved better detection effect.

Key words: low-rate denial of service, ACK serial number step-length, permutation entropy, detection

中图分类号:

TP302

吴志军,潘卿波,岳猛. 基于ACK序号步长的LDoS攻击检测方法[J]. 通信学报, 2018, 39(7): 139-147.

Zhijun WU,Qingbo PAN,Meng YUE. Detection method of LDoS attack based on ACK serial number step-length[J]. Journal on Communications, 2018, 39(7): 139-147.

图/表 10

图1

图2

图3

图4

表1

图5

图6

图7

表2

表3

参考文献 18

[1]	KUZMANOVIC A , KNIGHTLY E W . Low-rate TCP-targeted denial of service attacks and counter strategies[J]. IEEE/ACM Transactions on Networking, 2006,14(4): 683-696.
[2]	KUZMANOVIC A , KNIGHTLY E W.Low-rate TCP-targeted denial of service attacks:the shrew vs . the mice and elephants[C]// ACM SIGCOMM 2003 Conference on Applications,Technologies,Architectures,and Protocols for Computer Communication. 2003: 75-86.
[3]	文坤, 杨家海, 张宾 . 低速率拒绝服务攻击研究与进展综述[J]. 软件学报, 2014,25(3): 591-605.
	WEN K , YANG J H , ZHANG B . Survey on research and progress of low-rate denial of service attacks[J]. Journal of Software, 2014,25(3): 591-605.
[4]	何炎祥, 刘陶, 曹强 ,等. 低速率拒绝服务攻击研究综述[J]. 计算机科学与探索, 2008,2(1): 1-19.
	HE Y X , LIU T , CAO Q ,et al. A survey of low-rate denial-of-service attacks[J]. Journal of Frontiers of Computer Science and Technology, 2008,2(1): 1-19.
[5]	KWOK Y K , TRIPATHI R , CHEN Y ,et al. HAWK:halting anomalies with weighted choking to rescue well-behaved TCP sessions from shrew DDoS attacks[C]// International Conference on NETWORKING and Mobile Computing. 2005: 423-432.
[6]	XIANG Y , LI K , ZHOU W . Low-rate DDoS attacks detection and trace back by using new information metrics[J]. IEEE Transactions Information Forensics and Security, 2011,6(2): 426-437.
[7]	YUHEI H , JIA Y Z.SATOSHI N . Method for detecting low-rate attacks on basis of burst-state duration using quick packet-matching function[C]// IEEE International Symposium on Local and Metropolitan Area Networks. 2017: 1-2.
[8]	CHENG C M , KUNG H , TAN K S . Use of spectral analysis in defense against DoS attacks[C]// IEEE Global Telecommunications. 2002: 2143-2148.
[9]	何炎祥, 曹强, 刘陶 ,等. 一种基于小波特征提取的低速率DoS检测方法[J]. 软件学报, 2009,20(4): 930-941.
	HE Y X , CAO Q , LIU T ,et al. A low-rate Dos detection method based on feature extraction using wavelet transform[J]. Journal of Software, 2009,20(4): 930-941.
[10]	PAUL C , MYONG K , ALEXANDER V . Spectral analysis of low rate of denial of service attacks detection based on fisher and Siegel tests[C]// IEEE International Conference on Communications(ICC). 2016: 1-6.
[11]	WEI W , FENG C , XIA Y ,et al. A rank correlation based detection against distributed reflection DoS attacks[J]. IEEE Communications Letters, 2013,17(1): 173-175.
[12]	BHUYAN M H , KALWAR A , GOSWAMI A ,et al. Low-rate and high-rate distributed DoS attack detection using partial rank correlation[C]// Fifth International Conference on Communication Systems and Network Technologies. 2015: 706-710.
[13]	CHEN K , LIU H Y , CHEN X S . Detecting LDoS attacks based on abnormal network traffic[J]. KSII Transactions on Internet and Information Systems, 2012,6(7): 1831-1853.
[14]	FALL K R , RICHARD S W . TCP/IP详解卷1:协议[M]. 北京: 机械工业出版社, 2016.
	FALL K R , RICHARD S W . TCP/IP illustrated volume 1:the protocols[M]. Beijing: China Machine PressPress, 2016.
[15]	FENG F Z , RAO G Q , WEI S A . Application and development of permutation entropy algorithm[J]. Journal of Academy of Armored Force Engineering, 2012,26(2): 34-38.
[16]	饶国强, 冯辅周, 司爱威 . 排列熵算法参数的优化确定方法研究[J]. 振动与冲击, 2014,33(1): 188-193.
	RAO G Q , FENG F Z , SI A W . Method for optimal determination of parameters in permutation entropy algorithm[J]. Journal of Vibration and Shock, 2014,33(1): 188-193.
[17]	王海燕, 盛昭瀚 . 混沌时间序列相空间重构参数的选取方法[J]. 东南大学学报(自然科学版), 2000,30(5): 113-117.
	WANA H Y , CHENG Z H . Choice of the parameters for the phase space reconstruction of Chaotic time series[D]. Journal of Southeast University(Natural Science Edition), 2000,30(5): 113-117.
[18]	刘永斌 . 基于非线性信号分析的滚动轴承状态监测诊断研究[D]. 合肥:中国科学技术大学, 2011.
	LIU Y B . Nonlinear signal analysis for rolling bearing condition monitoring and fault diagnosis[D]. Hefei:University of Science and Technology, 2011.

参数	取值
嵌入维数d	3
时延τ	2
子序列长度l	100

TCP流数	阈值	检测率	误报率	漏报率	预测攻击时刻误差/s
单条	0	100.0%	1.0%	0.0%	0.78
多条相同RTT	0.767 7	96.0%	3.0%	4.0%	1.25
多条不同RTT	0.775 9	98.0%	7.0%	2.0%	1.37

检测方法	报警率	虚警率	漏警率
NCPSD	88.0%	16.0%	12.0%
基于ACK异常流量	94.0%	2.0%	6.0%
本文检测方法	98.0%	7.0%	2.0%

基于ACK序号步长的LDoS攻击检测方法

Detection method of LDoS attack based on ACK serial number step-length

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 18

相关文章 15

Metrics

推荐阅读 0

[1]	郑金志, 汲如意, 张立波, 赵琛. 基于Transformer解码的端到端场景文本检测与识别算法[J]. 通信学报, 2023, 44(5): 64-78.
[2]	苏新, 张桂福, 行鸿彦, Zenghui Wang. 基于平衡生成对抗网络的海洋气象传感网入侵检测研究[J]. 通信学报, 2023, 44(4): 124-136.
[3]	戴千一, 张斌, 郭松, 徐开勇. 基于多分类器集成的区块链网络层异常流量检测方法[J]. 通信学报, 2023, 44(3): 66-80.
[4]	孙贺麟, 高洪元, 杜亚男, 程建华, 刘亚鹏. 频控阵MIMO雷达的目标数与方位参数联合估计方法[J]. 通信学报, 2023, 44(2): 41-51.
[5]	霍纬纲, 梁锐, 李永华. 基于随机Transformer的多维时间序列异常检测模型[J]. 通信学报, 2023, 44(2): 94-103.
[6]	杨宏宇, 杨海云, 张良, 成翔. 基于特征依赖图的源代码漏洞检测方法[J]. 通信学报, 2023, 44(1): 103-117.
[7]	刘延华, 李嘉琪, 欧振贵, 高晓玲, 刘西蒙, MENG Weizhi, 刘宝旭. 对抗训练驱动的恶意代码检测增强方法[J]. 通信学报, 2022, 43(9): 169-180.
[8]	袁程胜, 郭强, 付章杰. 基于差分隐私的深度伪造指纹检测模型版权保护算法[J]. 通信学报, 2022, 43(9): 181-193.
[9]	蒋锐, 李俊, 徐友云, 王小明, 李大鹏. 基于联邦卡尔曼滤波器的容错GPS-AOA-SINS组合导航算法[J]. 通信学报, 2022, 43(8): 78-89.
[10]	陈炜宇, 骆俊杉, 王方刚, 丁海洋, 王世练, 夏国江. 无线隐蔽通信容量限与实现技术综述[J]. 通信学报, 2022, 43(8): 203-218.
[11]	廖建新, 付霄元, 戚琦, 王敬宇, 孙海峰. 6G-ADM：基于知识空间的6G网络管控体系[J]. 通信学报, 2022, 43(6): 3-15.
[12]	朱政宇, 林宇, 王梓晅, 巩克现, 陈鹏飞, 王忠勇, 梁静. 基于MeanShift的短波跳频信号快速盲检测[J]. 通信学报, 2022, 43(6): 200-210.
[13]	卢东旭, 周娴, 刘飞, 霍佳皓, 苑金辉, 隆克平. 高线宽容忍度的高谱效SSB-PAM-DD方案[J]. 通信学报, 2022, 43(5): 36-44.
[14]	廖育荣, 王海宁, 林存宝, 李阳, 方宇强, 倪淑燕. 基于深度学习的光学遥感图像目标检测研究进展[J]. 通信学报, 2022, 43(5): 190-203.
[15]	李凤华, 李超洋, 郭超, 李子孚, 房梁, 郭云川. 泛在网络环境下隐蔽通道关键技术研究综述[J]. 通信学报, 2022, 43(4): 186-201.