计算机工程与应用
計算機工程與應用
계산궤공정여응용
COMPUTER ENGINEERING AND APPLICATIONS
2009年
33期
93-95
,共3页
漫游蜜罐%DDoS攻击%秩和检验%防御模型
漫遊蜜罐%DDoS攻擊%秩和檢驗%防禦模型
만유밀관%DDoS공격%질화검험%방어모형
roaming honeypot%DDoS attacks%rank sum test%defense model
针对当前DDoS防御方法的不足,提出了一种基于漫游蜜罐的DDoS两阶段防御模型.该模型在第一阶段根据DDoS攻击的初期特征,建立简单高效的统计预警模型,并触发下一阶段防御;在第二阶段,应用秩和检验法自动选取检测特征,根据到重心的距离甄别合法与非法流,并对合法流进行漫游.实验结果表明,该模型能较早发现攻击,检测精度高,响应及时.
針對噹前DDoS防禦方法的不足,提齣瞭一種基于漫遊蜜罐的DDoS兩階段防禦模型.該模型在第一階段根據DDoS攻擊的初期特徵,建立簡單高效的統計預警模型,併觸髮下一階段防禦;在第二階段,應用秩和檢驗法自動選取檢測特徵,根據到重心的距離甄彆閤法與非法流,併對閤法流進行漫遊.實驗結果錶明,該模型能較早髮現攻擊,檢測精度高,響應及時.
침대당전DDoS방어방법적불족,제출료일충기우만유밀관적DDoS량계단방어모형.해모형재제일계단근거DDoS공격적초기특정,건립간단고효적통계예경모형,병촉발하일계단방어;재제이계단,응용질화검험법자동선취검측특정,근거도중심적거리견별합법여비법류,병대합법류진행만유.실험결과표명,해모형능교조발현공격,검측정도고,향응급시.
This paper proposes a two-phase model using roaming honeypot to prevent DDoS attacks due to the deficiency of present detection algorithms.In the first phase,in order to detect the attacks earlier and evoke the next phase,a simple and effi-cient statistical model is made in the probing stage of DDoS attacks.Then in the second phase,a set of effective detection charac-teristics is automatically chosen,using rank sum test,to compute distances from barycenter,which is able to differentiate between legal and illegal flows and prepare for roaming the legitimate flows timely.The experimental results show the effectiveness of the model in detecting and responding DDoS attacks.