JOURNAL OF ELECTRONICS & INFORMATION TECHNOLOGY
2013
Issue 10
pp. 2307-2313
7 pages
荣宏%王会梅%鲜明%施江勇
Network security%Reduction of Quality (RoQ) attack%Blind source separation%Fast Independent Component Analysis (ICA)%Feature extraction
Reduction of Quality (RoQ) attacks are stealthier and more variable than traditional Denial of Service (DoS) attacks, which makes them extremely difficult to detect. To improve detection accuracy and locate attack sources promptly, this paper models attack-flow extraction as a blind source separation process. It proposes an attack-flow feature extraction algorithm based on fast ICA (Independent Component Analysis) that separates the RoQ attack flow from observations taken at several network and terminal devices, and then extracts feature parameters that characterize the attack flow. A collaborative detection system and detection algorithm based on SVM (Support Vector Machine) are then designed: the SVM classifier is trained on labeled attack and no-attack samples and is finally used to detect RoQ attacks. Simulation results show that the method can effectively detect and locate RoQ attacks that use spoofed IP addresses, with a detection rate above 90%. Moreover, choosing appropriate ICA parameters improves the detection results to some extent.