
Computer Engineering ›› 2007, Vol. 33 ›› Issue (23): 167-169. doi: 10.3969/j.issn.1000-3428.2007.23.058

• Security Technology •

DDoS Intrusion Detection System Based on Data Mining

YANG Chang-chun1,2, NI Tong-guang2, XUE Heng-xin1

  1. School of Economics & Management, Nanjing University of Science and Technology, Nanjing 210094
  2. Department of Computer Science and Technology, Jiangsu Polytechnic University, Changzhou 213164
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-12-05 Published: 2007-12-05

Abstract: Defending against distributed denial of service (DDoS) attacks is one of the most difficult problems in network security today. To address it, this paper presents an intrusion detection system based on data mining that detects DDoS attacks in real time. The k-means clustering algorithm is combined with Apriori association rules to group the quantitative (numeric) attributes of network traffic, which handles the classification of numeric attributes well, and traffic features are extracted from the network data to generate detection models. Experimental results show that the system can detect DDoS attacks effectively.

Key words: distributed denial of service (DDoS) attacks, intrusion detection system, data mining, clustering algorithm, association rules
