Journal: Parallel and Distributed Systems, IEEE Transactions on

Detecting Application Denial-of-Service Attacks: A Group-Testing-Based Approach


Abstract

Application DoS attack, which aims at disrupting application service rather than depleting the network resource, has emerged as a larger threat to network services, compared to the classic DoS attack. Owing to its high similarity to legitimate traffic and much lower launching overhead than classic DDoS attack, this new assault type cannot be efficiently detected or prevented by existing detection solutions. To identify application DoS attack, we propose a novel group testing (GT)-based approach deployed on back-end servers, which not only offers a theoretical method to obtain short detection delay and low false positive/negative rate, but also provides an underlying framework against general network attacks. More specifically, we first extend classic GT model with size constraints for practice purposes, then redistribute the client service requests to multiple virtual servers embedded within each back-end server machine, according to specific testing matrices. Based on this framework, we propose a two-mode detection mechanism using some dynamic thresholds to efficiently identify the attackers. The focus of this work lies in the detection algorithms proposed and the corresponding theoretical complexity analysis. We also provide preliminary simulation results regarding the efficiency and practicability of this new scheme. Further discussions over implementation issues and performance enhancements are also appended to show its great potentials.