• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2008, Vol. 30 ›› Issue (12): 23-26.

• Papers •

Distributed Denial-of-Service Attack Detection Based on an Improved k-Means Algorithm

刘运 殷建平 程杰仁 蔡志平   

  • Online: 2008-12-01 Published: 2010-05-19

Abstract:

Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. This paper analyses the essential characteristics of DDoS attacks and presents a novel detection scheme that combines traffic volume with traffic feature distribution entropy. Furthermore, we improve the k-means clustering algorithm to suit the problem and use it to establish the attack detection model. Finally, we test our detection model on the LLDOS1.0 dataset. The experimental results indicate that the model leads to an improved accuracy of attack detection and validate the effectiveness of the detection scheme.

Key words: DDoS attack, traffic feature distribution entropy, k-means clustering algorithm