
Research on DDoS Attack Detection Based on Fuzzy Clustering

Research of Detecting the DDoS Attack Based on Fuzzy Clustering

[Author] 熊雅 (Xiong Ya)

[Supervisors] 张大方 (Zhang Dafang); 于秋芳 (Yu Qiufang)

[Author information] Hunan University, Software Engineering, 2010, Master's degree

[Abstract] Distributed Denial of Service (DDoS) attacks are a common form of malicious attack. Because of their covertness and distributed nature they are hard to detect and defend against, and in recent years they have caused incalculable losses to Internet services. Researching effective methods for detecting and defending against DDoS attacks has therefore become a very important problem in the field of network attack detection. A great deal of research has already been done on defending against, detecting and countering DDoS attacks, and some breakthroughs and progress have been achieved. This thesis first introduces the basic principles of the protocols currently used for network communication, then introduces the definition of DoS attacks and the ways they are carried out, and on that basis leads into distributed denial of service attacks. It analyzes the architecture and working principles of DDoS attacks in detail and gives a comprehensive, in-depth study, comparison and summary of their attack means and methods. DDoS detection techniques fall into two broad classes, anomaly detection and signature (feature) detection, and DDoS detection methods based on each are introduced. The DDoS detection methods proposed so far each target one type of attack; if the attack method or the way packets are assembled changes during the attack, detection is likely to fail or the detection rate to drop. To detect DDoS attacks dynamically and adapt to changes in the attack, cluster analysis and fuzzy theory are introduced, the fuzzy clustering method is applied to the detection of attack packets, and an attack detection model based on fuzzy pattern recognition is proposed. The model builds two fuzzy sets, computes the membership degree of the current packet to each of the two fuzzy sets and the fuzzy similarity between the two sets, and from these decides whether the current packet is normal, thereby filtering abnormal packets. During packet filtering, the two fuzzy sets are updated dynamically according to the information in the current packet, ensuring that they can adapt to changes in the attack. Experiments show that the method filters DDoS attack packets effectively while exhibiting good adaptivity and self-learning ability. Compared with existing detection methods, the method proposed in this thesis adapts better to changes in the attack.

[Abstract] DDoS (Distributed Denial of Service) is a common form of malicious attack. Because the attack is covert and distributed, DDoS is not easy to detect and defend against, and it has brought immeasurable losses in recent years. Research into detecting and defending against DDoS effectively is an important issue. Currently, a lot of work has been done on detecting and defending against DDoS, and some breakthroughs and progress have been made. Firstly, we introduce the network protocols and the definition and principles of DoS. The architecture and principles of DDoS are analyzed in detail. We give a comprehensive and in-depth study of the attack methods, with comparison and summary. There are two ways to detect DDoS, feature detection and anomaly detection, and both are introduced in this paper. The DDoS detection methods proposed so far each focus on a corresponding type of attack. During an attack, if the attack method or the features of the attack packets change, the detection rate declines, or detection fails altogether. In order to detect dynamic DDoS attacks and fit the changes of the attack, we introduce cluster analysis and fuzzy theory. Fuzzy clustering is applied to detecting the attack packets. A schema for detecting DDoS is proposed in this paper; in this schema, two fuzzy sets are built. When we analyze incoming packets, the membership of the packet to each fuzzy set and the fuzzy similarity of the two sets are computed, and these are used to decide whether the packet is normal. While the packets are being checked, the fuzzy sets are updated dynamically to ensure that the schema adapts to changes in the attack. The experiment proved that the method is effective against DDoS attacks. At the same time, the schema is self-adaptive and self-learning. Compared to existing schemas, this method can adapt to changes in the attacks.
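The abstract describes the detection model only in outline: two fuzzy sets, the membership degree of each incoming packet to both sets, the fuzzy similarity between the two sets, and an online update of the sets as packets are filtered. The following Python sketch is an added illustration of that outline and is not the thesis's own code or data. Everything concrete in it is an assumption: the two per-source features (`rate`, `syn_ratio`), the Gaussian membership functions, the sum-of-min over sum-of-max similarity measure, the exponential-moving-average update with learning rate `alpha`, the rule that the update is skipped when the two sets have drifted too close together, and the constructed sample traffic.

```python
"""Toy two-fuzzy-set packet filter (added illustration; not the thesis's design).

Constructed assumptions: feature choice, Gaussian memberships, similarity measure,
update rule and sample traffic are all invented here for demonstration.
"""
import math

# Each packet is summarized by two constructed per-source features:
#   rate      - packets per second recently seen from the packet's source address
#   syn_ratio - fraction of that source's recent packets that were TCP SYNs
FEATURES = ("rate", "syn_ratio")


class FuzzySet:
    """Fuzzy set over packet features with one Gaussian membership curve per feature."""

    def __init__(self, center, spread):
        self.center = dict(center)
        self.spread = dict(spread)

    def membership(self, pkt):
        # Product of per-feature Gaussian memberships; result lies in (0, 1]
        mu = 1.0
        for f in FEATURES:
            z = (pkt[f] - self.center[f]) / self.spread[f]
            mu *= math.exp(-0.5 * z * z)
        return mu

    def update(self, pkt, alpha):
        # Online update: move the set's center a fraction alpha toward the packet
        for f in FEATURES:
            self.center[f] += alpha * (pkt[f] - self.center[f])


def fuzzy_similarity(a, b, samples):
    """Similarity of two fuzzy sets: sum(min(mu_a, mu_b)) / sum(max(mu_a, mu_b))
    evaluated over a window of recently seen packets (assumed measure)."""
    num = sum(min(a.membership(p), b.membership(p)) for p in samples)
    den = sum(max(a.membership(p), b.membership(p)) for p in samples)
    return num / den if den else 1.0


class FuzzyFilter:
    """Classifies each packet against a 'normal' and an 'attack' fuzzy set and
    adapts the matching set afterwards, as the abstract outlines."""

    def __init__(self, alpha=0.1, max_similarity=0.5, window=50):
        # Initial centers/spreads are constructed starting points, not learned values
        self.normal = FuzzySet({"rate": 20.0, "syn_ratio": 0.1},
                               {"rate": 15.0, "syn_ratio": 0.15})
        self.attack = FuzzySet({"rate": 400.0, "syn_ratio": 0.9},
                               {"rate": 150.0, "syn_ratio": 0.15})
        self.alpha = alpha
        self.max_similarity = max_similarity
        self.window = window
        self.recent = []  # sample points for the similarity computation

    def classify(self, pkt):
        mu_n = self.normal.membership(pkt)
        mu_a = self.attack.membership(pkt)
        self.recent = (self.recent + [pkt])[-self.window:]
        sim = fuzzy_similarity(self.normal, self.attack, self.recent)
        verdict = "normal" if mu_n >= mu_a else "attack"
        # Assumed safeguard: only adapt while the two sets remain distinguishable,
        # so an attacker cannot drag the 'normal' set onto the attack profile
        updated = sim <= self.max_similarity
        if updated:
            (self.normal if verdict == "normal" else self.attack).update(pkt, self.alpha)
        return {"verdict": verdict, "mu_normal": mu_n, "mu_attack": mu_a,
                "similarity": sim, "updated": updated}


def demo():
    """Run constructed traffic through the filter; returns a summary dict."""
    benign = [{"rate": 25.0, "syn_ratio": 0.12}] * 5          # constructed normal traffic
    flood = [{"rate": 350.0, "syn_ratio": 0.95}] * 3          # constructed fast SYN flood
    slow_flood = [{"rate": 120.0, "syn_ratio": 0.8}] * 20     # constructed changed attack
    f = FuzzyFilter()
    counts = {"normal": 0, "attack": 0}
    mu_before = f.attack.membership(slow_flood[0])  # before the set adapts
    for pkt in benign + flood + slow_flood:
        counts[f.classify(pkt)["verdict"]] += 1
    mu_after = f.attack.membership(slow_flood[0])   # after adapting to the new shape
    return {"normal": counts["normal"], "attack": counts["attack"],
            "attack_center_rate": f.attack.center["rate"],
            "attack_mu_before": mu_before, "attack_mu_after": mu_after}


if __name__ == "__main__":
    print(demo())
```

The point the abstract makes is visible in `demo()`: when the attack changes shape (the slower flood), the packet is still caught because its membership in the attack set, however small, exceeds its membership in the normal set, and each classified packet then pulls the attack set's center toward the new profile so later packets of the same shape score much higher. In a real deployment the features would come from per-source flow statistics, and the update rate and similarity threshold would need tuning so that normal traffic drift is tracked without letting attack traffic poison the normal set.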

  • [Online publication submitter] Hunan University
  • [Online publication year/issue] 2011, issue 03