计算机工程与应用 ›› 2011, Vol. 47 ›› Issue (14): 99-102.

• 网络、通信、安全 • 上一篇    下一篇

利用蚁群聚类检测应用层DDoS攻击的方法

张纹华,贾智平,李 新   

  1. 山东大学 计算机科学与技术学院,济南 250101
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2011-05-11 发布日期:2011-05-11

One method for application layer DDoS detection using ant clustering

ZHANG Wenhua,JIA Zhiping,LI Xin

  

  1. Department of Computer Science and Technology,Shandong University,Jinan 250101,China

  • Received:1900-01-01 Revised:1900-01-01 Online:2011-05-11 Published:2011-05-11

摘要: 提出了一种利用蚁群聚类检测应用层分布式拒绝服务攻击的方法,根据合法用户和攻击用户在浏览行为上的差异,从合法用户的Web日志中提取用户会话并计算不同会话间的相似度,运用一种蚁群聚类算法自适应地建立检测模型,利用该模型对待检测会话进行攻击识别。实验结果表明该方法能够有效地检测出攻击行为,并具有较好的适应性。

关键词: 应用层拒绝服务攻击, 浏览行为, 蚁群聚类算法, 异常检测

Abstract: A novel method using ant clustering to detect application layer Distributed Denial of Service(DDoS) attacks is presented.According to the difference between normal users’ browsing patterns and abnormal ones,user sessions are extracted from the web logs of normal users and similarities between different sessions are calculated,an improved ant clustering algorithm is employed to generate an adaptive detecting model.This model can be used to detect whether the undetermined sessions are DDoS attacks or not.The experiment results show that this method can detect attacks effectively and has a good performance in adaptability.

Key words: application layer denial of service attack, browsing behavior, ant clustering algorithm, abnormity detection