Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (22): 96-98.

• Network, Communication and Security •

DDoS attack detection based on non-parameter PCUSUM algorithm

MO Jiaqing1, HU Zhongwang1, LIN Yuhua2

  1. College of Computer, Zhaoqing University, Zhaoqing, Guangdong 526061, China
  2. Center of Education and Computer, Zhaoqing University, Zhaoqing, Guangdong 526061, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2011-08-01 Published: 2011-08-01

Abstract: Exploiting the sharp change in the ratio of unacknowledged packets observed at the victim end during a DDoS attack, this paper presents an effective DDoS attack detection method that shortens detection time while preserving alarm correctness. TCP network flows are monitored at the victim end: in each time interval the ratio of unacknowledged packets to total packets is calculated, and in the next time interval the sequence value of the previous interval is revised to obtain a more accurate detection sequence value. The non-parametric recursive PCUSUM algorithm is then used to detect DDoS attacks. Simulation experiments show that, compared with the CUSUM algorithm, the method has higher detection accuracy and faster detection speed.

Key words: DDoS attack, PCUSUM algorithm, detection in victim end, unacknowledged packets
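The pipeline the abstract outlines, as an added sketch that is not code from the paper: per-interval unacknowledged-packet ratios are revised with the next interval's late ACKs, then fed to the standard non-parametric CUSUM recursion, which stands in for the paper's PCUSUM variant because the abstract does not give its details. The counter fields, baseline, slack and threshold are assumptions, and the sample data is constructed.

```python
from collections import namedtuple

# Hypothetical per-interval counters from a victim-side TCP monitor:
#   total      - packets observed in the interval
#   unacked    - of those, packets with no ACK seen by the end of the interval
#   late_acked - packets of the PREVIOUS interval acknowledged during this one
Interval = namedtuple("Interval", "total unacked late_acked")

# Constructed sample: steady traffic, one benign burst (interval 3), then a flood.
SAMPLE = [
    Interval(1000, 120, 0), Interval(1000, 110, 70), Interval(1000, 130, 60),
    Interval(1000, 350, 80), Interval(1000, 115, 100), Interval(2000, 1300, 65),
    Interval(2500, 1800, 100), Interval(2500, 1850, 50), Interval(2500, 1900, 100),
]

def corrected_ratios(intervals):
    """Unacknowledged ratio per interval, revised with the next interval's late ACKs.

    The newest interval has no successor yet, so the series lags by one interval.
    """
    ratios = []
    for cur, nxt in zip(intervals, intervals[1:]):
        still_unacked = max(cur.unacked - nxt.late_acked, 0)
        ratios.append(still_unacked / cur.total if cur.total else 0.0)
    return ratios

def cusum_alarm(ratios, baseline, slack, threshold):
    """Standard non-parametric CUSUM: y_n = max(0, y_{n-1} + x_n - (baseline + slack)).

    Returns (index of the first interval with y_n > threshold, or None; all y_n).
    """
    y, ys, alarm = 0.0, [], None
    for n, x in enumerate(ratios):
        y = max(0.0, y + x - (baseline + slack))
        ys.append(y)
        if alarm is None and y > threshold:
            alarm = n
    return alarm, ys

if __name__ == "__main__":
    series = corrected_ratios(SAMPLE)
    alarm, ys = cusum_alarm(series, baseline=0.05, slack=0.10, threshold=0.5)
    for n, (x, y) in enumerate(zip(series, ys)):
        print(f"interval {n}: ratio={x:.2f} cusum={y:.2f}" + ("  <-- alarm" if n == alarm else ""))
```

The one-interval burst raises the statistic but it decays back to zero, while the sustained rise accumulates past the threshold on the second flood interval.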