Abstract:
This paper presents a new abnormal traffic detection method: address-aggregated wobble-defended abnormal-traffic control system. This system employs adapted-bloom-filter algorithm to assemble purpose IP addresses, then uses wobble-defended CUSUM algorithm to detect pulsing denial of service attack, the method can work exactly and it declines the spending of system resources at maximum. A detection system employing this method has been run successfully in routers as an individual module.
Key words:
router,
denial of service,
wobble-defended,
aggreation
摘要: 提出一种新的异常流量检测方法——基于地址聚集的防抖动异常流量检测系统AWACS。该系统应用Adapted-Bloom-Filter算法对目的IP地址聚集,运用防聚集抖动的CUSUM算法检测是否有流量抖动的脉冲式攻击发生,使检测的结果更加准确,减少了系统的开销。该检测系统已作为一个独立的模块,成功运行于核心路由器中。
关键词:
路由器,
拒绝服务,
防抖动,
聚集
CLC Number:
WU Gu-qing. Address-aggregated Wobble-defended Abnormal-traffic Control System[J]. Computer Engineering, 2008, 34(1): 175-177,.
吴国庆. 基于地址聚集防抖动异常流量控制系统[J]. 计算机工程, 2008, 34(1): 175-177,.