CAJ | 학술논문

低速率拒绝服务LDoS （Low-rate Denial of Service ）攻击是一种基于TCP/IP协议漏洞，采用密集型周期性脉冲的攻击方式。本文针对分布式LDoS攻击脉冲到达目标端的时序关系，提出基于互相关的LDoS攻击检测方法。该方法通过计算构造的检测序列与采样得到的网络流量序列的相关性，得到相关序列，采用基于循环卷积的互相关算法来计算攻击脉冲经过不同传输通道在特定的攻击目标端的精确时间，利用无周期单脉冲预测技术估计LDoS攻击的周期参数，提取LDoS攻击的脉冲持续时间的相关性特征，并设计判决门限规则。实验结果表明基于信号互相关的LDoS攻击检测方法具有较好的检测性能。
저속솔거절복무LDoS （Low-rate Denial of Service ）공격시일충기우TCP/IP협의루동，채용밀집형주기성맥충적공격방식。본문침대분포식LDoS공격맥충도체목표단적시서관계，제출기우호상관적LDoS공격검측방법。해방법통과계산구조적검측서렬여채양득도적망락류량서렬적상관성，득도상관서렬，채용기우순배권적적호상관산법래계산공격맥충경과불동전수통도재특정적공격목표단적정학시간，이용무주기단맥충예측기술고계LDoS공격적주기삼수，제취LDoS공격적맥충지속시간적상관성특정，병설계판결문한규칙。실험결과표명기우신호호상관적LDoS공격검측방법구유교호적검측성능。
Low-rate Denial of Service (LDoS ) attack is TCP-targeted attack ,which attempts to deny bandwidth of TCP flows .LDoS attacks send intensive periodic pulses at sufficiently low average rate to elude detection of DoS defense system .Based on the sequence relation between the distributed LDoS attack pulses arriving at the destination ,a cross-correlation LDoS attack de-tection method is proposed by using cyclic convolution .This method builds a detection sequence for the purpose of exploring the timing relationship for distributed LDoS attack pulses arriving at the specific destination .Through computing the relation between the constructed detection sequence and sampled network flow sequence ,the cross sequence is obtained .The cyclic convolution cross-re-lation algorithm is utilized to compute the precise time that the attack pulses arriving at the specific destination through different transferring channels .With nonperiodic monopulse prediction technology ,the periodic parameters of LDoS attack are estimated ,the relation characteristic of the pulse durations of LDoS attacks is extracted ,and the threshold rules are designed .Experimental results show that the proposed algorithm of LDoS attack detection based on signal correlation achieves good detection performance .