分布式拒绝服务攻击( DDoS)严重影响着网络安全,给网络的应用和发展带来了极大危害。目前,网络流量的自相似性、时间序列分析等已经成为DDoS攻击检测中重要的策略和技术。但是,当这些策略和技术单独使用时,DDoS攻击检测效果并不十分理想。文中提出一种利用网络单边连接密度( OWCD)、网络重尾特性、累积欧几里得距离等方法的复合式检测方法。运用该复合式DDoS攻击检测方法进行DDoS攻击检测时,能有效地区分出正常流量、DDoS攻击流量与突发业务流量,从而提高了DDoS攻击的检测效率。%Distributed Denials of Service ( DDoS) attacks have done great harm to the application and the development of Internet. Cur-rently,the self-similarity of network traffic and time series analysis have been the important strategies and technologies of DDoS attacks detection. But when these strategies and technologies are used individually,the results of DDoS detection are not ideal. A hybrid DDoS in-trusion detection method by the OWCD,heavy-tail property and accumulated Euclidean distance is proposed. The result shows that apply-ing the method to detect DDoS attacks,it could distinguish DDoS attacks traffic from normal traffic and burst traffic,to improve the detec-tion rate.
展开▼
