通信学报 ›› 2022, Vol. 43 ›› Issue (11): 53-64.doi: 10.11959/j.issn.1000-436x.2022216

• 学术论文 • 上一篇    下一篇

基于简单统计特征的LDoS攻击检测方法

段雪源1,2,3, 付钰1, 王坤1,4, 李彬1   

  1. 1 海军工程大学信息安全系,湖北 武汉 430033
    2 信阳师范学院计算机与信息技术学院,河南 信阳 464000
    3 信阳师范学院河南省教育大数据分析与应用重点实验室,河南 信阳 464000
    4 信阳职业技术学院数学与信息工程学院,河南 信阳 464000
  • 修回日期:2022-10-20 出版日期:2022-11-25 发布日期:2022-11-01
  • 作者简介:段雪源(1981− ),男,河南开封人,海军工程大学博士生,主要研究方向为人工智能、信息处理、网络安全
    付钰(1982− ),女,湖北武汉人,博士,海军工程大学教授、博士生导师,主要研究方向为信息安全、人工智能
    王坤(1981− ),女,河南信阳人,海军工程大学博士生,主要研究方向为信息安全
    李彬(1998− ),男,湖南娄底人,海军工程大学硕士生,主要研究方向为信息安全、人工智能
  • 基金资助:
    国家重点研发计划基金资助项目(2018YFB0804104)

LDoS attack detection method based on simple statistical features

Xueyuan DUAN1,2,3, Yu FU1, Kun WANG1,4, Bin LI1   

  1. 1 Department of Information Security, Naval University of Engineering, Wuhan 430033, China
    2 College of Computer and Information Technology, Xinyang Normal University, Xinyang 464000, China
    3 Henan Key Laboratory of Analysis and Applications of Education Big Data, Xinyang Normal University, Xinyang 464000, China
    4 School of Mathematics and Information Engineering, Xinyang Vocational and Technical College, Xinyang 464000, China
  • Revised:2022-10-20 Online:2022-11-25 Published:2022-11-01
  • Supported by:
    The National Key Research and Development Program of China(2018YFB0804104)

摘要:

传统的低速率拒绝服务(LDoS)攻击检测方法存在特征提取复杂、计算开销大、实验背景单一和攻击场景过时等问题,难以满足现实网络环境对LDoS攻击检测的需求。通过研究LDoS攻击原理,分析LDoS攻击流量的特征,提出一种基于网络流简单统计特征的LDoS攻击检测方法。根据网络流量数据包的简单统计特征构造检测数据序列,利用深度学习技术学习输入样本的时间关联性特征,并根据重构序列与原输入序列的差异进行LDoS 攻击判定。实验结果表明,所提方法能够有效地检测出流量中的 LDoS 攻击流量,且对异构网络流量具有较强的适应性。

关键词: 统计特征, 深度学习, 低速率拒绝服务, 攻击检测

Abstract:

Traditional low-rate denial of service (LDoS) attack detection methods were complex in feature extraction, high in computational cost, single in experimental data background settings, and outdated in attack scenarios, so it was difficult to meet the demand for LDoS attack detection in a real network environment.By studying the principle of LDoS attack and analyzing the features of LDoS attack traffic, a detection method of LDoS attack based on simple statistical features of network traffic was proposed.By using the simple statistical features of network traffic packets, the detection data sequence was constructed, the time correlation features of input samples were extracted by deep learning technology, and the LDoS attack judgment was made according to the difference between the reconstructed sequence and the original input sequence.Experimental results show that the proposed method can effectively detect the LDoS attack traffic in traffic and has strong adaptability to heterogeneous network traffic.

Key words: statistical features, deep learning, low-rate denial of service, attack detection

中图分类号: 

No Suggested Reading articles found!