Computer Engineering ›› 2012, Vol. 38 ›› Issue (12): 13-16. doi: 10.3969/j.issn.1000-3428.2012.12.004


Distributed Denial of Service Detection Algorithm Based on FSS Time Series Analysis

WANG Shuo, ZHAO Rong-cai, SHAN Zheng

  1. (Institute of Information Engineering, Information Engineering University, Zhengzhou 450002, China)
  • Received: 2011-07-20 Online: 2012-06-20 Published: 2012-06-20
  • About the authors: WANG Shuo (born 1986), male, master's student, main research interest: network security; ZHAO Rong-cai, professor and doctoral supervisor; SHAN Zheng, associate professor and doctoral student

Abstract:

By analyzing the characteristics of Distributed Denial of Service (DDoS) attacks and the changes in the entropy of the data-flow five-tuple while an attack is under way, this paper proposes a detection algorithm based on data Flow Struct Stability (FSS). An autoregressive (AR) model is used to estimate the multi-dimensional feature parameters of the FSS time series, and a Support Vector Machine (SVM) trained on samples classifies these feature parameters to identify attacks. Experiments show that the algorithm achieves high detection quality.

Key words: Distributed Denial of Service (DDoS) attack, five-tuple, entropy, autoregressive model, time series, Support Vector Machine (SVM)
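An added illustration of the feature-extraction steps the abstract outlines, not code from the paper: per-window Shannon entropy of each five-tuple field, then the AR coefficients of each entropy series as the feature vector a trained SVM would classify. The abstract does not define FSS, so the raw entropy series stands in for it here as an assumption; the Yule-Walker fit, the AR order, the constructed sample packets and all function names are likewise assumptions, and the SVM step is left out.

```python
import math
from collections import Counter

FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto")  # the five-tuple

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def entropy_series(windows):
    """Map each five-tuple field to its entropy in every time window."""
    return {f: [entropy([pkt[i] for pkt in w]) for w in windows]
            for i, f in enumerate(FIELDS)}

def ar_coefficients(series, order):
    """Yule-Walker estimate of AR(order) coefficients (Levinson-Durbin)."""
    n = len(series)
    mean = sum(series) / n
    x = [v - mean for v in series]
    # Biased sample autocovariance at lags 0..order.
    r = [sum(x[t] * x[t - k] for t in range(k, n)) / n for k in range(order + 1)]
    a, err = [], r[0]
    for k in range(1, order + 1):
        if err <= 0:  # no residual variance left to model: pad with zeros
            return a + [0.0] * (order - len(a))
        refl = (r[k] - sum(a[j] * r[k - 1 - j] for j in range(k - 1))) / err
        a = [a[j] - refl * a[k - 2 - j] for j in range(k - 1)] + [refl]
        err *= 1 - refl * refl
    return a

def feature_vector(windows, order=2):
    """Concatenate the AR coefficients of all five entropy series."""
    series = entropy_series(windows)
    return [c for f in FIELDS for c in ar_coefficients(series[f], order)]

def sample_window(flood):
    """Constructed packets; in a flood many sources converge on one target."""
    n_src = 64 if flood else 8
    return [(f"10.0.0.{i % n_src}", "192.0.2.1" if flood else f"192.0.2.{i % 6}",
             1024 + i % n_src, 80 if flood else (80, 443, 53)[i % 3], "tcp")
            for i in range(128)]

# Constructed trace: 8 normal windows followed by 4 flood windows.
SAMPLE_WINDOWS = [sample_window(False)] * 8 + [sample_window(True)] * 4

if __name__ == "__main__":
    print(entropy_series(SAMPLE_WINDOWS)["src_ip"])
    print(feature_vector(SAMPLE_WINDOWS))
```

In the constructed trace the source-address entropy rises and the destination-address entropy falls to zero once the flood windows begin, which is the kind of shift in five-tuple entropy the abstract refers to.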
