Computer Engineering, 2009, Vol. 35, Issue (4): 146-148. doi: 10.3969/j.issn.1000-3428.2009.04.051

• Security Technology •

Application of Sequential Detection in DDoS Detection

秦晓明1,2,赵建功3,姜建国2   

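  1. (1. Department of Computer and Information Engineering, Jiaozuo Teachers College, Jiaozuo 454000; 2. College of Computer, Xidian University, Xi’an 710071; 3. Department of Computer Engineering, Luohe Vocational and Technical College, Luohe 462002)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2009-02-20 Published: 2009-02-20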

Application of Sequential Detection in DDoS Detection

QIN Xiao-ming1,2, ZHAO Jian-gong3, JIANG Jian-guo2   

  1. (1. Department of Computer and Information Engineering, Jiaozuo Teachers College, Jiaozuo 454000; 2. College of Computer, Xidian University, Xi’an 710071; 3. Department of Computer Engineering, Luohe Vocational and Technical College, Luohe 462002)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-02-20 Published:2009-02-20

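Abstract: Because the distribution of network data flows changes during a DDoS attack, this paper proposes using the CUSUM method of sequential detection to detect the relevant change points in real time and to obtain the function describing how the statistical pattern changes under attack. Experiments show that the non-parametric CUSUM method has low computational cost, requires no complex parameter settings, and can analyze DDoS attacks in real time; it improves detection performance with little computation and is a simple and effective intrusion detection method.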

Key words: sequential detection, IP spoofing, CUSUM method

Abstract: The statistical pattern of network data flows changes during a DDoS attack compared with ordinary circumstances. Based on this feature, this paper proposes using the CUSUM method of sequential detection to detect the relevant change points and to obtain the function describing how the statistical pattern changes. The non-parametric CUSUM method is shown to be a simple and effective intrusion detection method that needs little computation and no complex parameters. With this method, DDoS attacks can be analyzed immediately and detection performance can be improved.

Key words: sequential detection, IP spoofing, CUSUM method
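
The change-point idea in the abstract can be illustrated with the standard non-parametric CUSUM recursion y_n = max(0, y_{n-1} + x_n - a), raising an alarm when y_n exceeds a threshold N. This is an added example, not the paper's code: the monitored statistic (fraction of previously unseen source addresses per interval), the drift and threshold values, and the sample series are all assumptions constructed for illustration.

```python
from statistics import mean
from typing import List, Optional, Sequence, Tuple


def cusum_detect(xs: Sequence[float], baseline: float, drift: float,
                 threshold: float) -> Tuple[Optional[int], List[float]]:
    """Non-parametric CUSUM: return (first alarm index or None, trace of y_n).

    Each sample is shifted by baseline + drift so that normal traffic has a
    negative mean and y_n stays pinned at 0; a sustained rise makes the
    shifted mean positive and y_n grows until it crosses the threshold.
    """
    y = 0.0
    alarm = None
    trace = []
    for n, x in enumerate(xs):
        y = max(0.0, y + (x - baseline - drift))
        trace.append(y)
        if alarm is None and y > threshold:
            alarm = n
    return alarm, trace


# Constructed sample: fraction of new source IPs per measurement interval.
# Indices 0-7 are a warm-up window, index 9 is a one-off benign spike, and
# the sustained rise from index 12 models spoofed-source flood traffic.
SAMPLE = [0.08, 0.10, 0.07, 0.09, 0.11, 0.08, 0.10, 0.09,
          0.10, 0.35, 0.08, 0.09, 0.55, 0.62, 0.70, 0.66]
WARMUP = 8        # assumed number of intervals used to estimate the baseline
DRIFT = 0.10      # assumed tolerance above the baseline (the "a" offset)
THRESHOLD = 1.0   # assumed alarm threshold N


def run_sample() -> Tuple[Optional[int], List[float]]:
    """Estimate the baseline from the warm-up window, then scan the series."""
    baseline = mean(SAMPLE[:WARMUP])
    return cusum_detect(SAMPLE, baseline, DRIFT, THRESHOLD)


if __name__ == "__main__":
    alarm_index, ys = run_sample()
    for i, (x, y) in enumerate(zip(SAMPLE, ys)):
        flag = "  <-- alarm" if i == alarm_index else ""
        print(f"{i:2d}  x={x:.2f}  y={y:.2f}{flag}")
```

The single spike at index 9 decays back to zero without an alarm, while the sustained shift accumulates and is flagged three intervals after it begins; lowering the threshold shortens that delay at the cost of more false alarms.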
