摘要: 在分析分布式拒绝服务(DDoS)攻击现状与发展趋势的基础上,提出一种基于时间序列的网络数据流量势能分析模型,并构造相应的网络流量势能序列。利用自回归模型拟合得到网络数据流量的多维参数向量,以此为依据描述单位时间内网络数据流量势能的稳定性。采用基于支持向量机的方法对网络数据流量的特征参数向量进行分类和训练,获得与训练模型相匹配的最优网络数据流量势能集,实现对不同DDoS 攻击方式的流量特性
的准确描述。基于DARPA 数据集、IXIA 400T 网络测试仪等软硬件设施,构造真实且具有分析价值的网络环境,对网络流量势能分析模型进行验证,并与DDoS 攻击流量的识别精度、识别率等关键指标进行分析对比实验,结果表明,该模型对DDoS 攻击具有较高的检测精度和较优的检测质量。
关键词:
网络流量势能,
分布式拒绝服务攻击,
时间序列,
流量检测,
支持向量机,
DARPA 数据集
Abstract: This paper introduces the current situation and development of Distributed Denial of Service(DDoS) attack, and proposes a flow potential energy analysis model based on time sequence,constructs sequence of network flow
potential energy. It uses Auto Regression(AR) model to fit multi-dimensional parameter vector and describes the stability of network flow in unit time,and employs Support Vector Machine(SVM) based method to classify and train the target network flow character parameter vector,gains the best-matched network data flow potential energy set and final achieves accurate description of different DDoS attacks. It uses DARPA dataset,IXIA 400 network test machine and other softwarehardware fundamentals to construct a real and analysis of the value network,validates the network flow potential energy analysis model based on the constructed network. Analysis and contrasts of the key indicators include DDoS detection accuracy, recognition rate, etc. Experimental results show that the method has higher detection precision and comprehensive better detection quality to DDoS.
Key words:
network flow potential energy,
Distributed Denial of Service ( DDoS ) attack,
time sequence,
flow
detection,
Support Vector Machine(SVM),
DARPA dataset
中图分类号: