计算机工程与应用 ›› 2011, Vol. 47 ›› Issue (32): 115-117.

• 网络、通信、安全 • 上一篇    下一篇

低速率TCP拒绝服务攻击的小波检测方法

周 刚1,刘 渊2   

  1. 1.盐城工学院 信息工程学院,江苏 盐城 224051
    2.江南大学 数字媒体学院,江苏 无锡 214122
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2011-11-11 发布日期:2011-11-11

Wavelet-based detection method for low-rate TCP-targeted DoS

ZHOU Gang1,LIU Yuan2   

  1. 1.School of Information Engineering,Yancheng Institute of Technology,Yancheng,Jiangsu 224051,China
    2.School of Digital Media,Jiangnan University,Wuxi,Jiangsu 214122,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-11-11 Published:2011-11-11

摘要: 利用提升小波方法对受到LDoS攻击的TCP业务流采样样本的自相似性进行分析,NS2模拟实验结果表明,在攻击期间的混合流样本与正常流样本的Hurst指数有较大的差别,由此提出了一个基于提升小波的低速率拒绝服务攻击早期检测方法。

关键词: 入侵检测, 低速率拒绝服务, 自相似, 提升小波

Abstract: The TCP traffic flow attacked by LDoS is analyzed based on the lifting scheme for the wavelet transform.The experimental results on NS2 indicate that the Hurst parameter values between the legal TCP flow samples and the mixed flow samples during attacking period vary greatly,the method of early detecting LDoS attack is proposed.

Key words: intrusion detection, low-rate denial of service, self-similarity, lifting scheme