Journal of Software (软件学报)
2013, Issue 6, pp. 1263-1273 (11 pages)
王风宇 (Wang Fengyu), 曹首峰 (Cao Shoufeng), 肖军 (Xiao Jun), 云晓春 (Yun Xiaochun), 龚斌 (Gong Bin)
application-layer DDoS; Web community; out-linking behavior; CUSUM
Distributed denial of service (DDoS) attacks have become increasingly difficult to detect because of the various hiding techniques attackers have adopted. The application-layer DDoS attack is becoming a major threat to the current network. This paper analyzes the stability of out-linking behavior at the level of the Web community and proposes an approach for detecting application-layer DDoS attacks aimed at Web servers. CUSUM is used to detect the offset of out-linking parameters and thereby determine that an attack is occurring. Because out-linking parameters describe the group behavior of the Web community rather than individual behavior, it is difficult to circumvent detection by simulating normal accesses. This approach can not only detect anomalies in access behavior but also distinguish flash crowds from application-layer DDoS attacks. The results of simulated experiments show that this approach can effectively detect various types of DDoS attacks aimed at Web servers.