基于小波和分形原理的DDoS攻击检测方法
|
摘要
提出一种基于离散小波变换和分形原理的DDoS攻击检测方法。该方法通过离散小波变换的多分辩率分析突现DDoS攻击特征,对小波变换系数进行盒分形维计算,将经实验确定的关键盒维数作为多维空间的向量序列,最后使用经过样本训练的K-nn(K最近邻)分类器进行攻击识别。实验结果表明分形与小波相结合取得了较好的检测效果,与离散小波检测方法相比,该方法提高了检测精确度。
Based on the discrete wavelet transformation and fractal theory, this paper presents a DDoS detecting algorithm. This method has the character of DDoS attack appear clear by multiresolution analysis of wavelet transformation, and undertake box dimensions calculation for the transformation coefficient of discrete wavelet. the key box dimensions are confirmed by the experiment and are regarded as vector sequence of multidimensions space. Then the DDoS are recognized by applying the K-nearest neighbor classifier trained by the samples. The results of experiment show that the presented algorithm of combination of wavelet transformation and fractal theory can detect the DDoS attacks effectively. Comparing with the detecting method of discrete wavelet transformation, this method has improved the accuracy of detecting.
Based on the discrete wavelet transformation and fractal theory, this paper presents a DDoS detecting algorithm. This method has the character of DDoS attack appear clear by multiresolution analysis of wavelet transformation, and undertake box dimensions calculation for the transformation coefficient of discrete wavelet. the key box dimensions are confirmed by the experiment and are regarded as vector sequence of multidimensions space. Then the DDoS are recognized by applying the K-nearest neighbor classifier trained by the samples. The results of experiment show that the presented algorithm of combination of wavelet transformation and fractal theory can detect the DDoS attacks effectively. Comparing with the detecting method of discrete wavelet transformation, this method has improved the accuracy of detecting.
引文
[1]Huang Y,Pullen J M.Countering denial of service attacks using congestion triggered packet sampling and filtering[C].Proc.of the10th International Conference on Com-puter Communiations and Networks,2001
[2]Feinstein L,Schnackenberg D,Balupari R,et al.Statistical approaches to DDoS attack detection and response[C].Proc.of the DARPA Information Survivability Conference and Exposition,2003
[3]Barford P,Kline J,Plonka D,et al.A signal analysis of network traffic anomalies[C].Proc.of ACM SIGCOMM IMW2002:1 ̄12
[4]Raymond C Garela.WAID:wavelet analysis inrtusion de-tection[C].Proc.of IEEE Midwest Symposium on Circuits and Systems,2002,3:688 ̄691
[5]刘峰,胡昌振,帅艳民.基于分形特征的网络异常检测方法研究[J].计算机工程和应用,2004,22:34 ̄36
[6]陈颙,陈凌.分形几何学[M].北京:地震出版社,2005
[7]MIT Lincoln labs,LL DDoS1.0intrusion detection data set[EB/OL].http://www.ll.mit.edu/IST/ideval/data/2000/LLS_DDOS_1.0.html,2005
[8]MIT Lincoln labs.1999DARPA intrusion detection evalu-ation data set[EB/OL].http://www.Ll mit.edu/IST/ideval/data/1999/1999_data_index.html,2005
[9]陈国,胡修林.汉语普通话语间的分形特性及其盒维数的统计分析[J].信号处理,2000,16(4):296 ̄301
[2]Feinstein L,Schnackenberg D,Balupari R,et al.Statistical approaches to DDoS attack detection and response[C].Proc.of the DARPA Information Survivability Conference and Exposition,2003
[3]Barford P,Kline J,Plonka D,et al.A signal analysis of network traffic anomalies[C].Proc.of ACM SIGCOMM IMW2002:1 ̄12
[4]Raymond C Garela.WAID:wavelet analysis inrtusion de-tection[C].Proc.of IEEE Midwest Symposium on Circuits and Systems,2002,3:688 ̄691
[5]刘峰,胡昌振,帅艳民.基于分形特征的网络异常检测方法研究[J].计算机工程和应用,2004,22:34 ̄36
[6]陈颙,陈凌.分形几何学[M].北京:地震出版社,2005
[7]MIT Lincoln labs,LL DDoS1.0intrusion detection data set[EB/OL].http://www.ll.mit.edu/IST/ideval/data/2000/LLS_DDOS_1.0.html,2005
[8]MIT Lincoln labs.1999DARPA intrusion detection evalu-ation data set[EB/OL].http://www.Ll mit.edu/IST/ideval/data/1999/1999_data_index.html,2005
[9]陈国,胡修林.汉语普通话语间的分形特性及其盒维数的统计分析[J].信号处理,2000,16(4):296 ̄301
版权所有:© 2023 中国地质图书馆 中国地质调查局地学文献中心