Low-rate denial-of-service attack detection method based on principal component analysis
Updated 2024-08-26
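"Flow-oriented detection of low-rate denial-of-service attacks". This research paper presents a method for detecting low-rate denial-of-service (DoS) attacks based on the principal component analysis algorithm. In network security, DoS attacks have long been one of the serious threats to the Internet. Traditional DoS attacks usually appear as high-volume floods of malicious packets. In recent years, however, attackers have begun to adopt low-rate attack strategies that are harder to detect; these attacks are not easily noticed, but over time they can still bring network services down.

The detection method proposed in the paper works by analysing network flows, in particular low-rate DoS attack flows. The authors use the principal component analysis (PCA) algorithm to process complex network flows and build a network traffic matrix model. Based on large-scale data collection, the model can effectively distil high-dimensional network flow vectors and simplify the data structure while maintaining detection accuracy.

Principal component analysis is a statistical method that transforms multivariate data into a set of linearly uncorrelated variables, the principal components, thereby reducing the complexity and redundancy of the data. In this study, PCA helps identify anomalous patterns in network traffic that may indicate a low-rate DoS attack. By reducing the dimensionality of the data, PCA lowers the computational complexity, which makes real-time monitoring and rapid response possible.

The paper further validates the proposed method through simulation experiments. The results show that the method successfully reduces high-dimensional traffic vectors, preserves detection accuracy, and lowers the computational requirements. This indicates that the PCA algorithm provides a practical and efficient solution for dealing with low-rate DoS attacks.

Keywords: low-rate denial of service; principal component analysis; network flow; detection

The research offers a new perspective for network security, emphasises defence against low-rate DoS attacks, and proposes a way to strengthen detection with machine-learning techniques, PCA in particular. The approach not only improves detection accuracy but also reduces system resource consumption, and it is an important reference for future network defence strategies.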
$$ v_1 = \arg\max_{\|v\| = 1} \|Xv\| \qquad (2) $$
where ||Xv|| represents the energy of raw data. As mentioned earlier, the first principal component represents the direction of the maximum data variation, which reflects the maximal energy of the raw data. Therefore, the PCA algorithm is used to reduce the dimensionality of network traffic for the purpose of detecting LDoS attacks.
2.2. Network traffic matrix model
Available research results show that actual network traffic is a collection of Open Supervised Device Protocol (OSDP) (origin source, destination source, origin port, and destination port) flows, and that the link flows in a network are mutually dependent [11]. A single IP flow can be uniquely identified by a set of four parameters: source address, source port, destination address, and destination port. The data in an OSDP flow is obtained by sampling this IP flow within a certain time interval. As an example, consider traffic generated by a client with source address 10.1.20.4 accessing port 20 of a server: the number of packets within 1 s is obtained by sampling this access traffic with a sample interval of 200 ms. The packet counts of the five samples can be expressed in vector form as [128,131,134,129,131]. Studying OSDP flows is therefore a direct approach to network traffic research. This approach does not study the flow of entire links but the collection of OSDP flows. The entire link flows are related to the OSDP flows through the established network traffic matrix model. Hence, the study of OSDP flows helps in analysing LDoS attack traffic. For LDoS attack detection, a single source of normal flow and a single source of LDoS attack flow are sampled and recorded as OSDP flows in vector form. Flow simulation results show a big difference between normal flows and attack flows [11].
To set up a matrix model of network traffic, the time sequence of all OSDP flows in a network is represented by X, a matrix of dimension m × n, where n is the total number of OSDP flows in the target network and m is the number of packets at sample time t in each link. In mathematics, a matrix space can be seen as an n-dimensional hyperplane with mutually orthogonal base vectors [12]. Therefore, a single OSDP flow is expressed as $X_j$, $j = 1, 2, \cdots, n$, and a base vector is represented as $B_j$, $j = 1, 2, \cdots, n$. The sample values at time t for one OSDP flow can be seen as points in the n-dimensional hyperplane. Let v denote the vector set that contains all vectors from the origin to the various points in the matrix space, where a single vector is represented as $v_i$, $i = 1, 2, \cdots, m$, $v_i \in v$. Then $X_j$ can be seen as the set of the projection values of all $v_i$ onto $B_j$. The projection values are denoted as $p_j$, $j = 1, 2, \cdots, n$. Because the trend of the normal flow over time is stable, that is, the modulus of the elements in v plateaus, the set of projection values $p_j$ is also stable. On the basis of the aforementioned analysis, the first main vector calculated from the traffic matrix points in the direction of maximum data variability, that is, the densest direction of the spatial points [12]. Therefore, the main eigenvector reflects the trend of the projection values in the direction of each base vector at any time.
For the network server, an increase or decrease in the number of user connections (OSDP flows) changes the dimension of the hyperplane in which the spatial point set is located. However, the number of user connections has less influence on the direction in which the first eigenvector points, that is, where the spatial point set is densest, or on the trend of the eigenvector over time. Therefore, the aforementioned analysis helps reduce the impact of a varying network environment on the detection of LDoS attacks.
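The following Python sketch is an added example, not code from the paper or its authors: it builds the m × n traffic matrix of Section 2.2 from per-flow sample vectors and finds the first principal component of Eq. (2) by power iteration. The sample values, the bursty stand-in for an attack flow, the mean-centring step and all function names are assumptions made for illustration.

```python
import math

def centre(X):
    """Subtract each column (flow) mean; assumed preprocessing, not stated in the excerpt."""
    m, n = len(X), len(X[0])
    means = [sum(r[j] for r in X) / m for j in range(n)]
    return [[r[j] - means[j] for j in range(n)] for r in X]

def first_pc(X, iters=200):
    """Unit vector v maximising ||Xv|| (Eq. 2), via power iteration on X^T X."""
    m, n = len(X), len(X[0])
    v = [1.0 / math.sqrt(n)] * n
    for _ in range(iters):
        Xv = [sum(r[j] * v[j] for j in range(n)) for r in X]
        w = [sum(X[i][j] * Xv[i] for i in range(m)) for j in range(n)]
        norm = math.sqrt(sum(c * c for c in w))
        if norm == 0.0:          # all-constant traffic: no variation to find
            break
        v = [c / norm for c in w]
    return v

def energy(X, v):
    """||Xv||: energy of the data along direction v."""
    return math.sqrt(sum(sum(r[j] * v[j] for j in range(len(v))) ** 2 for r in X))

def analyse(flows):
    """flows: list of n per-flow sample vectors -> (dominant flow index, ||Xv1||)."""
    X = centre([list(row) for row in zip(*flows)])   # m samples x n flows
    v1 = first_pc(X)
    dominant = max(range(len(v1)), key=lambda j: abs(v1[j]))
    return dominant, energy(X, v1)

# Constructed samples: packets per 200 ms, shaped like the page's [128,131,134,129,131].
NORMAL = [
    [128, 131, 134, 129, 131, 130, 132, 129, 133, 130],
    [130, 129, 131, 132, 128, 131, 130, 133, 129, 131],
    [131, 133, 129, 130, 132, 128, 131, 130, 132, 129],
    [129, 130, 132, 131, 130, 133, 129, 131, 130, 132],
]
# Constructed stand-in for an attack flow: lower average rate, concentrated in bursts.
BURSTY = [0, 0, 400, 0, 0, 0, 0, 400, 0, 0]

if __name__ == "__main__":
    print("normal only :", analyse(NORMAL))
    print("with bursty :", analyse(NORMAL[:3] + [BURSTY]))
```

With only stable flows the energy along the first component stays small; once the bursty flow is present, the first component aligns almost entirely with that flow and the energy rises by well over an order of magnitude, even though the flow's average rate is lower than that of the normal flows.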
3. EXPERIMENT AND RESULT ANALYSIS
Network traffic modeling is needed for the detection of LDoS attacks using the PCA algorithm. The network traffic matrix can be built from the single-source sampled data of normal traffic and LDoS attack flows. To test the proposed approach, many tools are used. Besides commercial tools, an LDoS attack launch tool and a detection and evaluation tool are developed. The detection tool is built on the PCA-based detection algorithm.
The network experimental environment is set up as shown in Figure 1.
132 Z. WU, R. HU AND M. YUE
Copyright © 2014 John Wiley & Sons, Ltd. Int. J. Commun. Syst. 2016; 29:130–141
DOI: 10.1002/dac