基于快速独立成分分析的RoQ攻击检测方法

发布时间：2018-04-17 16:52

本文选题：网络安全 + 降质服务攻击　；参考：《电子与信息学报》2013年10期

【摘要】：降质服务(Reduction of Quality,RoQ)攻击比传统的拒绝服务攻击(Denial of Service,DoS)攻击更具有隐秘性和多变性,这使得检测该攻击十分困难。为提高检测准确率并及时定位攻击源,该文将攻击流量提取建模为一个盲源分离过程,提出了基于快速ICA(Independent Component Analysis)的攻击流特征提取算法,从若干观测网络和终端设备中分离出RoQ攻击流,然后提取表征攻击流的特征参数。接着设计了一种基于支持向量机的协同检测系统和检测算法,通过用已标记的有攻击和无攻击的样本训练SVM分类器,最终实现RoQ攻击的检测。仿真结果表明该方法能够有效检测并定位伪造IP地址的RoQ攻击,检测率达到90%以上,而选取合适的ICA参数会提高检测效果。
[Abstract]:The quality reduction of quality Control (QoS) attack is more secretive and variable than the traditional denial of Service (dos) attack, which makes it very difficult to detect the attack.In order to improve the detection accuracy and locate the attack source in time, the attack flow extraction is modeled as a blind source separation process, and an attack flow feature extraction algorithm based on fast ICA(Independent Component analysis is proposed.The RoQ attack flow is separated from several observation networks and terminal devices, and the characteristic parameters representing the attack flow are extracted.Then, a cooperative detection system and detection algorithm based on support vector machine are designed. Finally, the detection of RoQ attacks is realized by training SVM classifier with labeled attack and non-attack samples.The simulation results show that this method can detect and locate the RoQ attack of forged IP address effectively, and the detection rate is over 90%, and the detection effect can be improved by selecting appropriate ICA parameters.
【作者单位】：国防科技大学电子信息系统复杂电磁环境效应国家重点实验室;
【分类号】：TP393.08

【参考文献】