基于拥塞参与度的分布式低速率DoS攻击检测过滤方法
收稿日期: 2009-04-13
修回日期: 2009-07-10
网络出版日期: 2010-06-22
基金资助
:国家自然科学基金资助项目(60603062);湖南省自然科学基金资助项目(06JJ3035);湖南省教育厅资助科研项目(07C718)
An Approach of Detecting Distributed LowRate DoS Attack Based on the Congestion Participation Rate
Received date: 2009-04-13
Revised date: 2009-07-10
Online published: 2010-06-22
分布式低速率拒绝服务攻击(DLDoS)利用已有网络协议和网络服务中自适应机制的漏洞发起攻击,其攻击效率和隐蔽性比传统洪泛式分布式拒绝服务攻击(DDoS)高得多,更加难于检测和防御。本文对DLDoS攻击进行了建模和形式化,提出了基于拥塞参与度的DLDoS攻击检测过滤方法。实验分析表明,该方法能有效检测DLDoS攻击,并降低误报率。
关键词: 分布式低速率拒绝服务攻击; 拥塞参与度; 建模和形式化; 攻击检测
张长旺1,殷建平1,蔡志平1,祝恩1,程杰仁1,2 . 基于拥塞参与度的分布式低速率DoS攻击检测过滤方法[J]. 计算机工程与科学, 2010 , 32(7) : 49 -52 . DOI: 10.3969/j.issn.1007130X.2010.
Distributed Lowrate DenialofService attacks (DLDoS) exploit the vulnerability of the adaptive behaviours exhibited by network protocols and network services. Its attack efficiency and ability of concealment are far higher than the traditional floodingbased DDoS attacks, thus it is harder to detect and defense. In this paper, we first model and formalize the DLDoS attacks, and then propose an approach of detecting DLDoS based on the congestion participation rate (CPR). Experiments and analysis demonstrate that the approach can detect the DLDoS attacks accurately and reduce the false alarm rate drastically.
/
| 〈 |
|
〉 |