| 王风宇,曹首峰,肖军,云晓春,龚斌.一种基于Web 群体外联行为的应用层DDoS 检测方法.软件学报,2013,24(6):1263-1273 |
| 一种基于Web 群体外联行为的应用层DDoS 检测方法 |
| Method of Detecting Application-Layer DDoS Based on the Out-Linking Behavior of Web Community |
| 投稿时间:2011-06-02 修订日期:2012-05-29 |
| DOI:10.3724/SP.J.1001.2013.04274 |
| 中文关键词: 应用层DDoS Web 群体 外联行为 CUSUM |
| 英文关键词:application-layer DDoS Web community out-linking behavior CUSUM |
| 基金项目:国家自然科学基金(60803142); 山东省科技攻关计划(2010GGX10117) |
|
| 摘要点击次数: 2768 |
| 全文下载次数: 3043 |
| 中文摘要: |
| 由于攻击者采用各种技术手段隐藏攻击行为,DDoS 攻击变得越发难以发现,应用层DDoS 成为Web 服务器所面临的最主要威胁之一.从通信群体的层面分析Web 通信的外联行为特征的稳定性,并提出了一种应用层DDoS 检测方法.该方法用CUSUM 算法检测Web 群体外联行为参数的偏移,据此来判断DDoS 攻击行为的发生.由于外联行为模型刻画的是Web 通信群体与外界的交互,并非用户个体行为,所以攻击者难以通过模仿正常访问行为规避检测.该方法不仅能够发现用户群体访问行为的异常,而且能够有效区分突发访问和应用层DDoS 攻击.模拟实验结果表明,该方法能够有效检测针对Web 服务器的不同类型的DDoS 攻击. |
| 英文摘要: |
| Distributed denial of service (DDoS) attacks have become more and more difficult to detect due to various hiding techniques that have been adopted. Application-Layer the DDoS attack is becoming a major threat to the current network. This paper analyzes the stability of out-linking behavior on the level of Web community and proposes an approach for detecting application-layer DDoS aimed at Web server. CUSUM is used to detect the offset of out-linking parameters and determine the attack occurring. Rather than the individual behavior, out-linking parameters are about the group behavior of Web community, so it is difficult to circumvent detecting by simulating normal accesses. This approach can not only detect the anomaly of accessing behavior, but can also distinguish flash crowd and application-layer DDoS. The results of simulated experiments show that this approach can detect various types of DDoS attacks aiming at Web servers effectively. |
|
HTML 下载PDF全文 查看/发表评论 下载PDF阅读器 |
