基于信号互相关的LDoS攻击检测方法
发布时间:2019-06-29 12:37
【摘要】:LDoS(Low-Rate Denial of Service)攻击利用TCP拥塞控制协议的缺陷,向受害者发送高强度的短时周期脉冲流量。系统状态不断的在稳定与不稳定的状态间切换,导致网络的传输性能下降,以到达攻击目的。LDoS攻击的平均攻击流量很小完全隐藏在正常流量中,因此,从背景流量中检测LDoS攻击十分困难。分布式的低速率拒绝服务LDDoS(Low-rate Distributed DoS)攻击是由大量的LDoS攻击小脉冲形成较大的攻击脉冲。这小脉冲能隐藏在正常流量中。所有的分布式小脉冲通过不同的传输通道在特定的位置在精确的时间组成LDDoS攻击脉冲。因此,这些分布式的攻击脉冲之间有一定的相关性,每个攻击脉冲具有严格的时序关系。本文针对分布式LDoS攻击脉冲到达目标端的时序关系,提出了基于信号互相关的LDoS攻击检测方法。该方法通过计算构造的检测序列与采样得到的网络流量序列的相关性,得到相关序列,采用基于循环卷积的互相关算法来计算攻击脉冲经过不同传输通道在特定的攻击目标端的精确时间,利用无周期单脉冲预测技术估计LDoS攻击的周期参数,提取LDoS攻击的脉冲在时域上的相关性特征,并设计判决门限规则,进行了实验。实验结果表明基于信号互相关的LDoS攻击检测方法具有较好的检测性能。
[Abstract]:LDoS (Low-Rate Denial of Service) attack) takes advantage of the defects of TCP congestion control protocol to send high intensity short-term periodic pulse traffic to victims. The system state is constantly switching between stable and unstable states, which leads to the decline of network transmission performance in order to achieve the purpose of attack. The average attack traffic of LDOs attack is very small and completely hidden in the normal traffic, so it is very difficult to detect LDoS attack from background traffic. Distributed low rate denial of service LDDoS (Low-rate Distributed DoS) attack is a large number of LDoS attack small pulse to form a large attack pulse. This small pulse can be hidden in normal traffic. All distributed small pulse forms LDDoS attack pulse at a specific position at a specific time through different transmission channels. Therefore, there is a certain correlation between these distributed attack impulses, and each attack pulse has a strict timing relationship. Aiming at the timing relation of distributed LDoS attack pulse arriving at the target end, a LDoS attack detection method based on signal cross-correlation is proposed in this paper. By calculating the correlation between the constructed detection sequence and the sampled network traffic sequence, the correlation sequence is obtained. The exact time of the attack pulse passing through different transmission channels at the specific target end is calculated by using the cross-correlation algorithm based on cyclic convolution. The periodic parameters of the LDoS attack are estimated by using the aperiodic monopulse prediction technique, and the correlation characteristics of the LDoS attack pulse in the time domain are extracted. The decision threshold rule is designed and the experiment is carried out. The experimental results show that the LDoS attack detection method based on signal cross-correlation has good detection performance.
【学位授予单位】:中国民航大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
本文编号:2507824
[Abstract]:LDoS (Low-Rate Denial of Service) attack) takes advantage of the defects of TCP congestion control protocol to send high intensity short-term periodic pulse traffic to victims. The system state is constantly switching between stable and unstable states, which leads to the decline of network transmission performance in order to achieve the purpose of attack. The average attack traffic of LDOs attack is very small and completely hidden in the normal traffic, so it is very difficult to detect LDoS attack from background traffic. Distributed low rate denial of service LDDoS (Low-rate Distributed DoS) attack is a large number of LDoS attack small pulse to form a large attack pulse. This small pulse can be hidden in normal traffic. All distributed small pulse forms LDDoS attack pulse at a specific position at a specific time through different transmission channels. Therefore, there is a certain correlation between these distributed attack impulses, and each attack pulse has a strict timing relationship. Aiming at the timing relation of distributed LDoS attack pulse arriving at the target end, a LDoS attack detection method based on signal cross-correlation is proposed in this paper. By calculating the correlation between the constructed detection sequence and the sampled network traffic sequence, the correlation sequence is obtained. The exact time of the attack pulse passing through different transmission channels at the specific target end is calculated by using the cross-correlation algorithm based on cyclic convolution. The periodic parameters of the LDoS attack are estimated by using the aperiodic monopulse prediction technique, and the correlation characteristics of the LDoS attack pulse in the time domain are extracted. The decision threshold rule is designed and the experiment is carried out. The experimental results show that the LDoS attack detection method based on signal cross-correlation has good detection performance.
【学位授予单位】:中国民航大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
【参考文献】
相关期刊论文 前10条
1 吴志军;曾化龙;岳猛;;基于时间窗统计的LDoS攻击检测方法的研究[J];通信学报;2010年12期
2 冯江;刘渊;;基于熵参数的DDoS攻击检测算法研究[J];计算机工程与设计;2009年21期
3 孙长华;刘斌;;分布式拒绝服务攻击研究新进展综述[J];电子学报;2009年07期
4 何炎祥;曹强;刘陶;韩奕;熊琦;;一种基于小波特征提取的低速率DoS检测方法[J];软件学报;2009年04期
5 刘畅;薛质;施勇;;基于快速重传/恢复的低速拒绝服务攻击[J];信息安全与通信保密;2008年12期
6 汪华斌;刘卫国;;基于NS2的RED和BLUE算法仿真及结果分析[J];计算机与现代化;2008年11期
7 吴志军;岳猛;;基于卡尔曼滤波的LDDoS攻击检测方法[J];电子学报;2008年08期
8 吴志军;岳猛;;低速率拒绝服务LDoS攻击性能的研究[J];通信学报;2008年06期
9 魏蔚;董亚波;鲁东明;金光;;低速率TCP拒绝服务攻击的检测响应机制[J];浙江大学学报(工学版);2008年05期
10 何炎祥;刘陶;曹强;熊琦;韩奕;;低速率拒绝服务攻击研究综述[J];计算机科学与探索;2008年01期
,本文编号:2507824
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2507824.html
