Journal of Computer Applications ›› 2012, Vol. 32 ›› Issue (06): 1620-1622. DOI: 10.3724/SP.J.1087.2012.01620

• Information security •

Detection of denial of service and network probing attacks based on principal component analysis

LI Jie-ying, SHAO Chao

  1. School of Computer and Information Engineering, Henan University of Economics and Law, Zhengzhou Henan 450000, China
  • Received: 2011-11-23 Revised: 2012-01-16 Online: 2012-06-04 Published: 2012-06-01
  • Contact: LI Jie-ying
  • About the authors: LI Jie-ying (born 1981), female, from Xinxiang, Henan, lecturer, M.S., main research interests: network security, pattern recognition; SHAO Chao (born 1977), male, from Sanmenxia, Henan, associate professor, Ph.D., main research interests: machine learning, data visualization.
  • Funding:
    National Natural Science Foundation of China project; Henan Province Basic and Frontier Technology Research project

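Abstract (translated from the Chinese): To address the difficulty of detecting denial of service and network probing attacks, a new detection method based on principal component analysis is proposed. First, principal component analysis is applied to the attack traffic and normal traffic data sets to obtain various statistics for all of the traffic data sets; then an attack detection model is constructed from these statistics. Experiments show that the model achieves a 99% detection rate for denial of service and network probing attacks; it also allows the attacked target to respond within a limited time, reducing the harm the attack does to the server.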

Keywords: principal component analysis, denial of service, network probing attacks

Abstract: To solve the problem of detecting Denial of Service (DoS) and network probing attacks, a new method based on Principal Component Analysis (PCA) is proposed in this paper. PCA is applied to both attack and normal traffic to collect various statistics, and the detection model is then constructed from these statistics. Finally, thresholds on the statistics are used to achieve a fixed false-alarm rate. The experimental results show that this approach detects DoS and network probing attacks effectively and yields a 99 percent detection rate; in addition, security administrators can respond in time, and those responses can reduce the loss under real-time attacks.

Key words: Principal Component Analysis (PCA), Denial of Service (DoS), network probing attacks
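
The abstract's idea of thresholding a PCA-derived statistic to hold a fixed false-alarm rate can be illustrated with a common PCA residual detector. This is an added example, not the authors' code or model: it fits PCA on normal traffic only and takes the threshold as an empirical quantile of the normal scores. The feature set, the residual statistic, the use of NumPy and all traffic values are assumptions constructed for the illustration, since the abstract does not specify them.

```python
import numpy as np

def fit_pca_detector(normal, k, false_alarm_rate):
    """Fit PCA on normal windows; set the threshold for a target false-alarm rate."""
    mean, std = normal.mean(axis=0), normal.std(axis=0)
    z = (normal - mean) / std
    # Principal axes: covariance eigenvectors, largest eigenvalues first.
    eigvals, eigvecs = np.linalg.eigh(np.cov(z, rowvar=False))
    axes = eigvecs[:, np.argsort(eigvals)[::-1][:k]]
    model = {"mean": mean, "std": std, "axes": axes}
    # Empirical (1 - alpha) quantile of normal scores fixes the false-alarm rate.
    model["threshold"] = np.quantile(residual_score(model, normal), 1 - false_alarm_rate)
    return model

def residual_score(model, x):
    """Squared distance of each window from the subspace spanned by the kept axes."""
    z = (x - model["mean"]) / model["std"]
    reconstructed = z @ model["axes"] @ model["axes"].T
    return ((z - reconstructed) ** 2).sum(axis=1)

def detect(model, x):
    return residual_score(model, x) > model["threshold"]

def constructed_windows(rng, n, conns, ports_per_conn, half_open, mean_bytes):
    """Constructed sample data, one row per time window:
    [connections, distinct dst ports, half-open ratio, mean bytes per connection]."""
    c = rng.normal(conns, 0.2 * conns, n)
    return np.column_stack([
        c,
        ports_per_conn * c + rng.normal(0, 1, n),
        rng.normal(half_open, 0.01, n),
        rng.normal(mean_bytes, 0.05 * mean_bytes, n),
    ])

def run_demo(seed=7):
    rng = np.random.default_rng(seed)
    train = constructed_windows(rng, 2000, 200, 0.05, 0.05, 4000)
    held_out = constructed_windows(rng, 1000, 200, 0.05, 0.05, 4000)
    flood = constructed_windows(rng, 100, 5000, 0.0004, 0.95, 60)   # DoS-like
    scan = constructed_windows(rng, 100, 250, 0.7, 0.60, 60)        # probe-like
    model = fit_pca_detector(train, k=2, false_alarm_rate=0.01)
    return {name: float(detect(model, data).mean())
            for name, data in [("train", train), ("held_out", held_out),
                               ("flood", flood), ("scan", scan)]}

if __name__ == "__main__":
    print(run_demo())
```

`run_demo()` returns the fraction of windows flagged in each set: the two normal sets give the false-alarm rate, and the flood and scan sets give the detection rate.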