基于Web轨迹的应用层DDoS攻击检测
发布时间:2018-07-17 19:17
【摘要】:分布式拒绝服务(Distributed Denial of Service,DDoS)攻击是当前互联网面临的最严重的安全问题之一。应用层DDoS攻击用于完成特定目标,主要包括中断交易和访问数据库资源。它需要相对较少的资源并且经常伴随着网络层攻击。除了针对特定的应用数据包之外,攻击流量伪装成合法流量,对应用层的攻击主要用来阻碍信息检索或者搜索功能、影响Web浏览体验、消耗电子邮件服务和图片应用程序的资源。为了有效防御应用层分布式拒绝服务攻击,本文提出一种搭建在Web应用服务器上的基于Web轨迹的检测方法与防御模型。把用户的访问行为抽象为Web行为轨迹,根据攻击请求的生成方式与用户访问Web页面的行为特征,提出了五种异常因素,分别为会话长度分布异常、访问依赖异常、行为速率异常、轨迹重复异常、轨迹偏离异常。采用行为轨迹化简算法简化行为轨迹的计算,然后计算用户正常访问网站时和攻击访问时产生的异常因素的偏离值,来检测针对Web网站的分布式拒绝服务攻击。在检测出某用户产生攻击请求时,防御模型禁止该用户访问来防御DDoS。实验采用真实数据作为训练集,在模拟不同种类攻击请求下,防御模型短时间识别出攻击并且采取防御机制抵制。实验结果表明,Web行为轨迹的防御模型能够有效检测并且防御对Web网站的分布式拒绝服务攻击。
[Abstract]:Distributed Denial of Service (DDoS) attack is one of the most serious security problems facing the current Internet. The application layer DDoS attack is used to accomplish specific targets, mainly including interrupting transactions and accessing database resources. It requires relatively few resources and often accompanied by network layer attacks. In addition to the application data packet, the attack traffic is disguised as a legitimate traffic, and the attack on the application layer is mainly used to hinder information retrieval or search function. It affects the Web browsing experience and consumes the resources of the e-mail service and image applications. In order to effectively defend the application layer distributed denial of service attack, this paper proposes a kind of construction in the Web application. The detection method and defense model based on Web trajectory on the server. The user's access behavior is abstracted as the Web behavior trajectory. According to the formation of the attack request and the user's access to the behavior characteristics of the Web page, five abnormal factors are proposed, which are the session length distribution anomaly, the access dependency anomaly, the behavior rate anomaly, and the locus repetition difference, respectively. Often, the trajectory is deviated from the anomaly. The behavior trajectory simplification algorithm is used to simplify the calculation of the behavior trajectory, and then the deviation value of the abnormal factors generated by the user's normal access to the site and the attack access is calculated to detect the distributed denial of service attack against the Web site. The DDoS. experiment uses real data as the training set. Under the simulation of different kinds of attack requests, the defense model recognizes the attack in a short time and adopts the defense mechanism to resist. The experimental results show that the defense model of the Web behavior trajectory can effectively detect and defend the distributed denial of service attack on the Web website.
【学位授予单位】:中国矿业大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
本文编号:2130666
[Abstract]:Distributed Denial of Service (DDoS) attack is one of the most serious security problems facing the current Internet. The application layer DDoS attack is used to accomplish specific targets, mainly including interrupting transactions and accessing database resources. It requires relatively few resources and often accompanied by network layer attacks. In addition to the application data packet, the attack traffic is disguised as a legitimate traffic, and the attack on the application layer is mainly used to hinder information retrieval or search function. It affects the Web browsing experience and consumes the resources of the e-mail service and image applications. In order to effectively defend the application layer distributed denial of service attack, this paper proposes a kind of construction in the Web application. The detection method and defense model based on Web trajectory on the server. The user's access behavior is abstracted as the Web behavior trajectory. According to the formation of the attack request and the user's access to the behavior characteristics of the Web page, five abnormal factors are proposed, which are the session length distribution anomaly, the access dependency anomaly, the behavior rate anomaly, and the locus repetition difference, respectively. Often, the trajectory is deviated from the anomaly. The behavior trajectory simplification algorithm is used to simplify the calculation of the behavior trajectory, and then the deviation value of the abnormal factors generated by the user's normal access to the site and the attack access is calculated to detect the distributed denial of service attack against the Web site. The DDoS. experiment uses real data as the training set. Under the simulation of different kinds of attack requests, the defense model recognizes the attack in a short time and adopts the defense mechanism to resist. The experimental results show that the defense model of the Web behavior trajectory can effectively detect and defend the distributed denial of service attack on the Web website.
【学位授予单位】:中国矿业大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
【参考文献】
相关期刊论文 前10条
1 徐洋;孙建忠;张焕国;谢晓尧;;云环境下Web服务应用层DDoS攻击检测系统[J];计算机应用研究;2016年09期
2 肖甫;马俊青;黄洵松;王汝传;;SDN环境下基于KNN的DDoS攻击检测方法[J];南京邮电大学学报(自然科学版);2015年01期
3 孙未;张亚平;;基于用户忠实度的应用层DDoS防御模型[J];计算机工程与设计;2015年01期
4 王睿;;一种基于回溯的Web上应用层DDOS检测防范机制[J];计算机科学;2013年S2期
5 黄亮;冯登国;连一峰;陈恺;;基于神经网络的DDoS防护绩效评估[J];计算机研究与发展;2013年10期
6 李锦玲;汪斌强;;基于最大频繁序列模式挖掘的App-DDoS攻击的异常检测[J];电子与信息学报;2013年07期
7 王风宇;曹首峰;肖军;云晓春;龚斌;;一种基于Web群体外联行为的应用层DDoS检测方法[J];软件学报;2013年06期
8 田俊峰;韩金娥;杜瑞忠;王勇;;基于软件行为轨迹的可信性评价模型[J];计算机研究与发展;2012年07期
9 赵国锋;喻守成;文晟;;基于用户行为分析的应用层DDoS攻击检测方法[J];计算机应用研究;2011年02期
10 肖军;云晓春;张永铮;;基于会话异常度模型的应用层分布式拒绝服务攻击过滤[J];计算机学报;2010年09期
,本文编号:2130666
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2130666.html
