COMPUTER ENGINEERING AND APPLICATIONS
2013
Issue 17
Pages 9-11, 62
4 pages in total
Keywords: distributed denial of service attack; conditional random fields; feature vector; entropy
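DDoS attack detection based on a single measure, such as traffic burstiness, dispersion of source IP addresses, or flow asymmetry, suffers from low accuracy and a high false alarm rate. Exploiting the advantages of conditional random fields, which do not require a strict independence assumption and can combine multiple features, a method is proposed that detects DDoS attacks by fusing feature rule sets in a CRF model. A multidimensional feature vector is built from the one-way connection density (OWCD) and the IP packet five-tuple entropy (IPE). Simulation results show that on the DARPA2000 data set the detection accuracy reaches 99.82% and the false alarm rate is below 0.6%, with no obvious degradation under strong background noise.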
The traditional detection methods for DDoS attacks have low accuracy and a high false alarm rate because they rely on only one flow feature, such as burstiness, dispersed source IP addresses, or flow asymmetry. This paper uses a conditional random field to integrate many pattern-matching rules for DDoS attack detection. The feature vector includes one-way connection density, source IP entropy, destination IP entropy, destination port entropy and protocol entropy. The simulation results show that the proposed method outperforms other well-known methods such as naïve Bayes and SVM. The detection accuracy reaches 99.82% and the false alarm rate is less than 0.6%. The method is robust under strong interfering traffic noise.
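
Added example, not code from the paper: it computes the five features named in the abstract over one window of packets, for a constructed normal window and a constructed flood window. The abstract gives no formula for OWCD, so the definition used here (the fraction of packets whose reverse five-tuple is absent from the window) is an assumption, as are all function names; the CRF classifier itself is not shown.

```python
import math
from collections import Counter

# Constructed sample packets: (src_ip, dst_ip, src_port, dst_port, protocol)
NORMAL = [
    ("10.0.0.1", "10.0.1.5", 40000, 80, "tcp"),
    ("10.0.1.5", "10.0.0.1", 80, 40000, "tcp"),
    ("10.0.0.2", "10.0.1.6", 40001, 53, "udp"),
    ("10.0.1.6", "10.0.0.2", 53, 40001, "udp"),
]
# Constructed flood window: many distinct sources, one target, no replies
FLOOD = [("198.51.100.%d" % i, "10.0.1.5", 1024 + i, 80, "tcp")
         for i in range(1, 9)]


def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    n = sum(counts.values())
    if n == 0:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in counts.values())
    return max(0.0, h)  # avoid returning -0.0 for a single-valued field


def owcd(packets):
    """Assumed OWCD: share of packets with no reverse five-tuple in the window."""
    seen = set(packets)
    one_way = sum(1 for (s, d, sp, dp, pr) in packets
                  if (d, s, dp, sp, pr) not in seen)
    return one_way / len(packets) if packets else 0.0


def feature_vector(packets):
    """Per-window feature vector with the five features listed in the abstract."""
    return {
        "owcd": owcd(packets),
        "src_ip_entropy": entropy(p[0] for p in packets),
        "dst_ip_entropy": entropy(p[1] for p in packets),
        "dst_port_entropy": entropy(p[3] for p in packets),
        "proto_entropy": entropy(p[4] for p in packets),
    }


if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("flood", FLOOD)):
        print(name, feature_vector(window))
```

In the flood window the source IP entropy rises while the destination IP, destination port and protocol entropies collapse to zero and OWCD goes to 1, which is the joint pattern a multi-feature classifier can use where any single feature alone would be ambiguous.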