Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (1): 128-133. DOI: 10.11772/j.issn.1001-9081.2017.01.0128

• Papers of the 2016 National Annual Conference on Open Distributed and Parallel Computing (DPCS2016) •

Application-layer DDoS defense model based on Web behavior trajectory

LIU Zeyu, XIA Yang, ZHANG Yilong, REN Yuan

  1. College of Computer Science and Technology, China University of Mining and Technology, Xuzhou, Jiangsu 221116, China
  • Received: 2016-07-26 Revised: 2016-08-08 Online: 2017-01-10 Published: 2017-01-09
  • Corresponding author: LIU Zeyu
  • About the authors: LIU Zeyu (born 1992), male, from Xianning, Hubei, M.S. candidate; main research interests: network security, e-commerce. XIA Yang (born 1962), male, from Xuzhou, Jiangsu, professor, Ph.D.; main research interests: network computing, Web applications, e-commerce. ZHANG Yilong (born 1991), male, from Xingtai, Hebei, M.S. candidate; main research interests: network security, machine learning. REN Yuan (born 1989), male, from Xuzhou, Jiangsu, M.S. candidate; main research interests: network security, artificial intelligence.

Abstract: To defend against application-layer Distributed Denial of Service (DDoS) attacks, which are built on the normal network layer, a defense model based on Web behavior trajectory and deployed on the Web application server was constructed. Users' access behavior was abstracted into Web behavior trajectories, and, according to how attack requests are generated and the behavior characteristics of users accessing Web pages, four kinds of suspicion were defined: access dependency suspicion, behavior rate suspicion, trajectory similarity suspicion, and trajectory deviation suspicion. A behavior trajectory simplification algorithm was used to simplify the trajectory computation, and the deviation values of these suspicion factors between normal sessions and attack sessions were then calculated to detect application-layer DDoS attacks against a specific website. When the model detected attack requests generated by a user, it prohibited that user's access in order to defend against the DDoS attack. In the experiment, real data was used as the training set; under simulated attack requests of different kinds, the defense model identified the attacks within a short time and applied its defense mechanism against them. The experimental results demonstrate that the model can detect and defend against application-layer DDoS attacks on a specific website.

Key words: Distributed Denial of Service (DDoS), application-layer, Web behavior trajectory, attack defence
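The abstract names the four suspicion factors but gives no formulas, so the following is an added illustration, not the authors' model. The link graph, thresholds, sample sessions and each scoring rule are assumptions made for this example.

```python
# Constructed site link graph (assumption): page -> pages it links to.
LINKS = {"/": {"/list", "/login"}, "/list": {"/item", "/"},
         "/item": {"/cart", "/list"}, "/login": {"/"}, "/cart": {"/"}}
MIN_THINK_SECONDS = 1.0   # assumed lower bound on human think time
BLOCK_THRESHOLD = 0.5     # assumed cut-off on the mean of the four scores

def transitions(pages):
    return list(zip(pages, pages[1:]))

def train(normal_sessions):
    """Collect page-to-page transitions seen in normal (training) sessions."""
    return {t for s in normal_sessions for t in transitions([p for _, p in s])}

def suspicion(session, known):
    """Four suspicion scores in [0, 1]; session is [(timestamp_s, page), ...]."""
    times = [t for t, _ in session]
    pages = [p for _, p in session]
    trans = transitions(pages)
    if not trans:
        return dict(dependency=0.0, rate=0.0, similarity=0.0, deviation=0.0)
    n = len(trans)
    # Access dependency: page requested although no earlier page links to it.
    seen, broken = {pages[0]}, 0
    for page in pages[1:]:
        if not any(page in LINKS.get(s, ()) for s in seen):
            broken += 1
        seen.add(page)
    # Behavior rate: gaps shorter than a human could read and click.
    fast = sum(1 for a, b in zip(times, times[1:]) if b - a < MIN_THINK_SECONDS)
    # Trajectory similarity: transitions that repeat an earlier one.
    repeated = n - len(set(trans))
    # Trajectory deviation: transitions never observed in the training data.
    unseen = sum(1 for t in trans if t not in known)
    return dict(dependency=broken / n, rate=fast / n,
                similarity=repeated / n, deviation=unseen / n)

def is_attack(session, known):
    """Decide whether to block the user who produced this session."""
    scores = suspicion(session, known)
    return sum(scores.values()) / len(scores) >= BLOCK_THRESHOLD

# Constructed sample sessions: two normal visits and one repeated-request flood.
NORMAL = [[(0, "/"), (8, "/list"), (20, "/item"), (41, "/cart")],
          [(0, "/"), (5, "/login"), (15, "/"), (22, "/list"), (30, "/item")]]
FLOOD = [(0.0, "/item"), (0.1, "/item"), (0.2, "/item"), (0.3, "/item"), (0.4, "/item")]
```

A session that merely takes an unfamiliar but linked path scores only on deviation and stays under the threshold, which is why the decision averages all four factors rather than acting on one.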
