计算机工程 ›› 2008, Vol. 34 ›› Issue (14): 149-151.doi: 10.3969/j.issn.1000-3428.2008.14.053

• 安全技术 • 上一篇    下一篇

基于Hurst指数方差分析的DDoS攻击检测方法

张小明,许晓东,朱士瑞   

  1. (江苏大学计算机科学与通信工程学院,镇江 212013)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-07-20 发布日期:2008-07-20

Detecting Method for DDoS Attack Based on Variance Analysis of Hurst Exponent

ZHANG Xiao-ming, XU Xiao-dong, ZHU Shi-rui   

  1. (School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang 212013)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-07-20 Published:2008-07-20

摘要: 研究分布式拒绝服务(DDoS)攻击对网络自相似性的影响,提出一种通过计算Hurst指数方差检测DDoS攻击的方法,通过使用MIT的林肯实验室数据进行试验,得出DDoS攻击的判决条件。实验表明,该方法能检测DDoS攻击引起的Hurst指数方差的变化,其检测率比传统的特征匹配方法高出8%,误报率比自相似性检测方法低了3%。

关键词: 网络自相似, 分布式拒绝服务攻击, Hurst指数方差分析, 小波分析

Abstract: This paper studies the change of the self-similarity caused by DDoS attack, and proposes a method to detect DDoS attack by calculating the variance of Hurst exponent. An experiment with the dataset of MIT Lincoln Laboratory is conducted to obtain the adjust criterion of DDoS attack. It shows that the proposed method can detect DDoS attack caused by changed variance of Hurst exponent and has higher detection efficiency. Its detection rate is 8% higher than the traditional method of feature matching, while the false alarm rate is 3% lower than the self-similar detecting method.

Key words: network self-similarity, DDoS attack, variance analysis of Hurst exponent, wavelet analysis

中图分类号: