RoQ攻击的特征提取和检测
DOI:
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:

国家自然科学基金(61170211)


Characteristics Extraction and Detection of RoQ Attack
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    降质攻击(RoQ)是一种非典型拒绝服务攻击,具有很强的隐蔽性,大多数传统的基于DoS攻击的检测方法不再适用.迄今为止,有不少学者提出了许多新的方法,但这些检测方法在不同程度上存在误报率较高的情况.为此,提出了一种改进的检测方法,它在分析和提取异常突变特征的基础上,对异常突变的局部流量进行了二次频谱分析,提取了攻击的周期特征,从而提高了检测的精确度.模拟实验及对比分析结果表明,该检测方法的检测精度高,其误报率和漏报率都很低.

    Abstract:

    Reduction of quality (RoQ) attack is an atypical denial of service (DoS) attack, which has a strong concealment. Consequently, most traditional methods of detection are no longer applicable. There are a number of new methods developed recently. However, most of these methods have higher false positive rate in varying degree. In this paper, a novel method is proposed based on the principle of time-frequency analysis with Wavelet multi-resolution and Cepstral technique. First, according to different time-domain characteristics, the potential anomaly is detected and the abrupt change point is located. Secondly, the local traffic around the abrupt change point is analyzed by cepstrum. The potential characteristics of attack periodicity is extracted. By the two-stage detection, this new method ultimately can confirm whether the network is affected by the attack. Results of simulations and real network experiments demonstrate that the presented algorithm can detect RoQ attacks accurately with very low false positive rate and false negative rate.

    参考文献
    相似文献
    引证文献
引用本文

文坤,杨家海,李晨曦,程凤娟,尹辉. RoQ攻击的特征提取和检测.软件学报,2015,26(S2):90-99

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2014-05-02
  • 最后修改日期:2014-08-22
  • 录用日期:
  • 在线发布日期: 2016-01-11
  • 出版日期:
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号