Abstract
This paper presents a method for detecting DDoS attacks in the source-end network. The method uses BPF packet filtering to monitor packets at the gateway of the source-end network, detects suspicious traffic by computing the information entropy of the destination IP addresses of network packets, and then applies connection tracking to the suspicious traffic to classify it. The method can effectively identify SYN Flood traffic and block it directly in the source-end network, saving computing resources.
Source
Computer Measurement & Control (《计算机测量与控制》)
2018, Issue 1, pp. 289-291, 306 (4 pages)
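Funding
Supported by the Science and Technology Support Program of the Hubei Provincial Department of Science and Technology (2014BAA089)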
Keywords
DDoS
source-end detection
information entropy
connection tracking