Journal of Computer Applications ›› 2009, Vol. 29 ›› Issue (11): 2952-2956.
• Security of information and network •
Zong-lin LI, Guang-min HU, Dan YANG, Xing-miao YAO
李宗林1,胡光岷1,杨丹1,姚兴苗2
Abstract: DDoS attacks are hard to detect in a backbone network because the attack flows are distributed across multiple links and are easily masked by the large volume of background traffic. To solve this problem, a detection method based on global abnormal correlation analysis is proposed. The method exploits the change in correlation between traffic flows that attack flows cause: principal component analysis extracts the correlation between the potentially anomalous parts of the traffic, and the degree of change in that correlation is used as the attack indicator. Evaluation shows that the method is effective and that it overcomes the difficulty of detecting relatively low-volume DDoS attacks transiting a backbone network. Compared with the existing network-wide detection method, it achieves a higher detection rate.
Key words: network security, correlation analysis, Principal Component Analysis (PCA)
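Abstract (from the Chinese): DDoS attacks in a backbone network are hard to detect effectively because the background traffic is enormous and the multiple distributed attack flows directed at the victim have not yet converged. To solve this problem, a detection method based on global traffic anomaly correlation analysis is proposed. Based on the change in correlation between traffic flows that attack flows cause, principal component analysis is used to extract the correlation between the potentially anomalous parts of multiple traffic flows, and the degree of change in that correlation is used as the attack detection metric. Experimental results demonstrate the usability of this metric, which overcomes the difficulty that DDoS attack flows in a backbone network have relatively low amplitude and are hard to detect. Compared with existing global traffic detection methods, the proposed method achieves a higher detection rate.
Key words (from the Chinese): network security, correlation analysis, principal component analysis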
Zong-lin LI, Guang-min HU, Dan YANG, Xing-miao YAO. Global abnormal correlation analysis method for DDoS attack detection[J]. Journal of Computer Applications, 2009, 29(11): 2952-2956.
李宗林 胡光岷 杨丹 姚兴苗. DDoS攻击的全局异常相关检测方法[J]. 计算机应用, 2009, 29(11): 2952-2956.
URL: http://www.joca.cn/EN/
http://www.joca.cn/EN/Y2009/V29/I11/2952