《计算机应用研究》|Application Research of Computers

DDoS detection method based on network-wide PCA

Authors 柳祎, 付枫, 孙鑫
Affiliations 1. Unit 63778 of PLA, Jiamusi, Heilongjiang 154002; 2. College of Computer Science and Technology, Jilin University, Changchun 130012
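Article ID 1001-3695(2012)06-2205-03
DOI 10.3969/j.issn.1001-3695.2012.06.053
Abstract As network scale keeps growing, centralized detection methods for DDoS attacks can no longer meet requirements such as real-time performance and accuracy. Targeting DDoS attack behavior in large-scale networks, this paper proposes a distributed denial-of-service attack detection method based on network-wide PCA (WPCAD). The method derives each node's ODin matrix from the traditional OD matrix. Each distributed processing unit then uses PCA to analyze the correlation among the multiple OD flows arriving at its node, and detection relies on the property that DDoS attack flows cause an abrupt change in the correlation between traffic flows. Because processing is distributed, the method reduces the bandwidth consumed by detection data and satisfies the real-time requirement of detection. Experimental results show that the method achieves better detection performance.
Keywords distributed denial-of-service attack; network-wide principal component analysis; OD matrix; distributed detection
Funding National Natural Science Foundation of China (60973136)
Article URL http://www.arocmag.com/article/01-2012-06-053.html
English title DDoS detection method based on network-wide PCA
Author names in English LIU Yi, FU Feng, SUN Xin
Affiliations in English 1. Unit 63778 of PLA, Jiamusi Heilongjiang 154002, China; 2. College of Computer Science & Technology, Jilin University, Changchun 130012, China
English abstract With the extension of network scale, the centralized detection method against DDoS had failed to meet requirements such as real-time and accuracy. This paper presented a distributed method based on WPCAD to detect increasingly serious DDoS attacks. DDoS attack flows could cause correlation between the abnormal traffic generated by certain tools and originated from different nodes. By taking advantage of this feature, this method first got ODin matrices from the original OD matrices, then each processing unit extracted the correlation between potential anomalous traffic by principal component analysis (PCA). This method consumed less network bandwidth and met the requirement of real-time with the distributed structure. The experimental results show that this method has better detection effect.
English keywords DDoS attacks; network-wide PCA; OD matrix; distributed detection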
Received date
Revised date
Pages 2205-2207
CLC number TP393
Document code A