Computer Engineering and Applications ›› 2016, Vol. 52 ›› Issue (21): 116-120.

• Network, Communication and Security •

Detection of application layer DDoS attacks based on clustering

SUN Jian, LIU Yuan, ZHAO Xinjie

  1. School of Digital Media, Jiangnan University, Wuxi, Jiangsu 214122, China
  • Online: 2016-11-01 Published: 2016-11-17

Abstract: Application Layer Distributed Denial of Service (AL-DDoS) attacks pose a steadily growing threat to network security. Focusing on user access behavior at the application layer, this paper studies an AL-DDoS detection model based on the Multi-Exemplar Affinity Propagation (MEAP) clustering algorithm. The method takes the information entropy of user request sequences as input and uses MEAP to quickly obtain a feature model that describes user browsing behavior. For each newly arriving request sequence, it calculates the distance to each cluster center and applies a set threshold to distinguish normal sequences from attack sequences. Simulation experiments show that the method can effectively perform online, quasi-real-time detection of AL-DDoS attacks.

Key words: Distributed Denial of Service (DDoS), application layer, affinity propagation, clustering, intrusion detection system
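
The detection flow the abstract describes (entropy features, exemplars learned from normal traffic, distance threshold) is shown below as an added example; it is not the authors' code. MEAP is not implemented here: a simple leader-clustering pass stands in for it, and the two-entropy feature vector, the radius, the threshold and the sample sessions are assumptions constructed for illustration.

```python
import math
from collections import Counter

def entropy(items):
    """Shannon entropy (bits) of the empirical distribution of items."""
    counts = Counter(items)
    n = sum(counts.values())
    return sum(c / n * math.log2(n / c) for c in counts.values())

def features(requests):
    """Assumed feature vector: entropy of requested pages and of page transitions."""
    return (entropy(requests), entropy(zip(requests, requests[1:])))

def pick_exemplars(points, radius):
    """Leader clustering as a stand-in for MEAP: a point becomes a new
    exemplar when no existing exemplar lies within `radius` of it."""
    exemplars = []
    for p in points:
        if all(math.dist(p, e) > radius for e in exemplars):
            exemplars.append(p)
    return exemplars

def is_attack(requests, exemplars, threshold):
    """Flag a sequence whose feature vector is far from every exemplar."""
    f = features(requests)
    return min(math.dist(f, e) for e in exemplars) > threshold

# Constructed sample sessions (not data from the paper).
NORMAL = [
    ["/", "/news", "/news/1", "/", "/about", "/news", "/news/2", "/contact"],
    ["/", "/news", "/", "/news", "/news/1", "/"],
    ["/", "/shop", "/shop/a", "/shop", "/shop/b", "/cart", "/", "/news"],
    ["/", "/shop", "/", "/shop", "/shop/a", "/"],
]
FLOOD = ["/search?q=x"] * 8             # the same page requested repeatedly
SWEEP = [f"/p/{i}" for i in range(32)]  # every request targets a new page
FRESH = ["/", "/about", "/news", "/news/1", "/news", "/", "/contact"]

EXEMPLARS = pick_exemplars([features(s) for s in NORMAL], radius=0.3)
THRESHOLD = 0.8  # assumed value; tune on held-out normal traffic

if __name__ == "__main__":
    for name, seq in [("flood", FLOOD), ("sweep", SWEEP), ("fresh", FRESH)]:
        print(name, features(seq), is_attack(seq, EXEMPLARS, THRESHOLD))
```

Because entropy depends on sequence length, a deployment would compute the features over fixed-size windows so that distances to the exemplars stay comparable.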