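Abstract
Most existing DDoS detection methods are limited to packet-level inspection and cannot fully describe the DDoS attack process, which degrades detection performance. To address this problem, a detection algorithm based on PCC (packet and conversation considering with context) time series is proposed. It analyzes traffic at both the packet level and the conversation-flow level, and so describes the DDoS attack process more comprehensively. It also takes the correlation between preceding and following data into account, fusing context information, and uses a support vector machine (SVM) classifier to build the DDoS attack detection model. Finally, a trusted alarm strategy is proposed to further eliminate the influence of noise and misclassification. Experimental results show that the method can effectively detect DDoS attacks and reduce the influence of network traffic noise on the detection results.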
Most detection algorithms were confined to packet analysis and could not describe DDoS completely. Without a complete description, detection would be affected and could not provide effective information for network management. To address this issue, a novel approach based on packet-and-conversation-considering-with-context (PCC) time series analysis was proposed to detect DDoS attacks. By analyzing the packets and conversations of DDoS traffic simultaneously and combining them with context information, multi-dimensional characteristics can describe DDoS better. A support vector machine (SVM) classifier was then adopted to establish the DDoS attack detection model from the packet feature vector and the conversation feature vector. Furthermore, a reliable alarm strategy was proposed to further reduce the influence of noise. The experimental results showed that the PCC-based approach can detect DDoS attacks effectively and reduce the influence of traffic noise.
Source
《四川大学学报(工程科学版)》
CSCD
Peking University Core Journals
2015, Issue S2, pp. 142-148 (7 pages)
Journal of Sichuan University (Engineering Science Edition)
Funding
National Natural Science Foundation of China (grant 61272447)