计算机工程 ›› 2010, Vol. 36 ›› Issue (06): 29-31.doi: 10.3969/j.issn.1000-3428.2010.06.010

• 博士论文 • 上一篇    下一篇

基于改进小波分析的DDoS攻击检测方法

吕良福1,张加万2,张 丹2   

  1. (1. 天津大学数学系,天津 300072;2. 天津大学计算机科学与技术学院,天津 300072)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2010-03-20 发布日期:2010-03-20

DDoS Attack Detection Method Based on Improved Wavelet Analysis

LV Liang-fu1, ZHANG Jia-wan2, ZHANG Dan2   

  1. (1. Department of Mathematics, Tianjin University, Tianjin 300072;2. School of Computer Science and Technology, Tianjin University, Tianjin 300072)
  • Received:1900-01-01 Revised:1900-01-01 Online:2010-03-20 Published:2010-03-20

摘要: 为准确及时检测DDoS攻击,在研究小波分析法检测DDoS攻击的基础上,提出一种基于主成分分析法和小波分析法的自适应DDoS检测方法,设计采用该方法检测DDoS攻击的模型及算法,分析其增大正常网络流量与异常网络流量之间Hurst参数差值的原因。实验结果表明,该方法减弱了检测结果对门限值的依赖性,提高检测率,防止漏报、误报情况的发生,且由于网络数据维数的降低,该方法大幅提高了检测速度。

关键词: 分布式拒绝服务, 网络自相似, 小波分析, 主成分分析

Abstract: In order to detect Distributed Denial of Service(DDoS) attack accurately and timely, a new detection method based on Principle Component Analysis(PCA) and wavelet analysis is proposed. Software model and algorithm for detection of DDoS attack is presented. In addition, key reasons for the change of the Hurst’s value in the new method are analyzed. Experimental results show the method reduces the dependence for threshold, promotes the detection rate, avoids the situation of fail report and distort. It also improves the detection speed.

Key words: Distributed Denial of Service(DDoS), network self-similarity, wavelet analysis, Principle Component Analysis(PCA)

中图分类号: