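DDoS Attack Detection and Tracing Based on Behavioral Self-Similarity Analysis
Published: 2018-03-19 06:04
Topic: DDoS attacks. Approach: behavioral self-similarity. Source: Central South University, 2014 master's thesis. Document type: degree thesis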
[Abstract]: A DDoS attack is an attack against a specific target that leaves it unable to provide normal network service. With the emergence of DDoS attack tools, launching a DDoS attack has become simple and effective, so network security incidents caused by DDoS attacks keep occurring. As DDoS attack methods and tools are continually updated and upgraded, the harm done by DDoS attacks keeps growing, and they have become one of the main threats to Internet security today. Addressing the characteristics of DDoS attacks, this thesis proposes a method for analyzing DDoS attacks based on the self-similarity of user behavior, and studies how the entropy of feature fields such as socket fields and TCP identifiers changes when a DDoS attack occurs. Drawing on the characteristics of protein interaction networks in bioinformatics, it uses the changes in feature entropy to build a target protein interaction network for each DDoS attack mode. To trace and pin down the source of a DDoS attack, this thesis uses the characteristics of active networks to design an overall scheme for detecting and tracing DDoS attacks. On the basis of time-sliced statistics, the scheme creates an RTCT field for every packet. The server classifies packets by their RTCT values and generates distinct individuals, then uses the same feature entropy values to build a corresponding protein interaction network for each individual. Finally, each individual's network is compared with the target protein interaction networks to judge or predict whether the individual exhibits attack behavior; if it does, the individual's RTCT value is decomposed to pin down the attack source and reconstruct the attack path. Experimental results show that the overall scheme is highly sensitive to DDoS attacks, can accurately detect and predict DDoS attacks and indicate the attack type, and can correctly pin down the attack source and reconstruct the attack path in complex network topologies.
[Degree-granting institution]: Central South University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1633118
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1633118.html