Research on DDoS Attack Detection Methods for Web Servers
Published: 2018-11-05 11:59
[Abstract]: As the Internet continues to grow, Web technology is changing people's daily lives. On the one hand, Web technology makes life more convenient; on the other, the accompanying security problems are increasingly prominent, especially the security of Web servers, which serve as Internet infrastructure. In recent years, cases of government agencies, bank websites and similar targets suffering distributed denial-of-service (DDoS) attacks have emerged one after another; their Web servers were attacked, the websites were paralyzed, and the losses were huge. Detecting DDoS attacks against Web servers has therefore become an urgent task, and it is also an important research direction in network security. For DDoS attacks against Web servers, this thesis proposes a DDoS attack detection method based on a particle-swarm-optimized K-means clustering algorithm (PSO-KM). The main work can be summarized as follows. First, the K-Means algorithm from data mining is chosen as the basis of the anomaly detection method and is then optimized with the particle swarm algorithm, giving the PSO-KM algorithm, which is used to build the anomaly detection mechanism. Second, the libpcap development library is used to capture network traffic at the Web server, and, based on the anomalies a Web server exhibits when under DDoS attack, five traffic feature attributes are selected from it to form the traffic feature vector. Finally, the anomaly detection mechanism is used to detect DDoS attack behavior. Experiments show that, compared with the detection method built on the K-Means algorithm, this method learns more efficiently, raises the detection rate by 5 percentage points on average, and lowers the false alarm rate by 1 percentage point on average; it can effectively identify DDoS attack behavior and lays a foundation for further research on Web server protection.
[Degree-granting institution]: Zhengzhou University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
Article ID: 2312019
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2312019.html