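• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science

• Computer Networks and Information Security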

A DDoS attack security situation assessment model
based on improved fuzzy C-means clustering

ZHANG Ruizhi1, TANG Xiangyan1, CHENG Jieren1,2

  (1. School of Information Science and Technology, Hainan University, Haikou 570228, Hainan;
    2. State Key Laboratory of Marine Resource Utilization in South China Sea, Haikou 570228, Hainan, China)
  • Received: 2018-06-20 Revised: 2018-08-19 Online: 2018-11-25 Published: 2018-11-25
  • Funding:

    Hainan Provincial Natural Science Foundation (617048, 2018CXTD333); National Natural Science Foundation of China (61762033, 61702539); Hunan Provincial Natural Science Foundation (2018JJ3611); Zhejiang Provincial Public Welfare Technology Application Social Development Project (LGF18F020019); Hainan University Doctoral Start-up Fund (kyqd1328); Hainan University Youth Fund (qnjj1444); supported by the State Key Laboratory of Marine Resource Utilization in South China Sea

Abstract:

In new network environments, traditional network situation assessment methods can no longer effectively evaluate the security situation of distributed denial of service (DDoS) attacks. We propose a DDoS attack security situation assessment model based on improved fuzzy C-means (FCM) clustering. The model builds a fusion feature from the changes in IP address state of the network flows of old and new users and from unidirectional and bidirectional network flows, and uses it to calculate a risk index for each node of the network system. Aggregating the risk indexes of all nodes yields the security situation information of the whole network, which the improved FCM algorithm then classifies into five security levels. Finally, a risk level identification model quantitatively evaluates the DDoS attack security situation of the whole network. Experiments on real DDoS data show that the proposed model can assess the DDoS attack security situation reasonably and effectively, and that it is more flexible and accurate than existing assessment methods.

Key words: distributed denial of service (DDoS), security situation assessment, fuzzy C-means (FCM), risk assessment