| 源端网络中SYN洪流攻击的自适应检测 |
| |
| 引用本文: | 于明,陈卫东,周希元.源端网络中SYN洪流攻击的自适应检测[J].武汉大学学报(理学版),2006,52(5):608-612. |
| |
| 作者姓名: | 于明 陈卫东 周希元 |
| |
| 作者单位: | 1. 西安电子科技大学,通信工程学院,陕西,西安,710071
2. 中国电子科技集团公司第54研究所,河北,石家庄,050081 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 根据TCP连接建立过程中SYN请求分组与SYN/ACK应答分组一一对应的特性,提出了一种针对SYN洪流攻击的源端网络自适应检测方法.该方法采用简单滑动平均算法对实时统计数据进行平滑,根据对检测统计量的均值和方差的在线估计自动调整检测门限,并利用连续累计检测法来降低突发网络异常对检测结果的影响.性能分析和仿真验证结果表明,在检测时延不超过6个采样周期的要求下,该方法可检测的最低攻击流量约为正常流量的30%,并且检测结果的虚警概率低于10^-6,漏警概率低于10^-2.
|
| 关 键 词: | 自适应检测 SYN洪流攻击 源端网络防御 |
| 文章编号: | 1671-8836(2006)05-0608-05 |
| 修稿时间: | 2006年3月12日 |
Adaptive Detection of SYN Flooding Attacks at Source-End Networks |
| |
| YU Ming,CHEN Weidong,ZHOU Xiyuan.Adaptive Detection of SYN Flooding Attacks at Source-End Networks[J].JOurnal of Wuhan University:Natural Science Edition,2006,52(5):608-612. |
| |
| Authors: | YU Ming CHEN Weidong ZHOU Xiyuan |
| |
| Abstract: | Based on the protocol behavior of TCP SYN SYN/ACK pairs,an adaptive detection method is proposed to detect SYN flooding attacks at source-end networks.In this method,the simple moving average algorithm is used to smooth the input statistical data,and the detection threshold is automatically adjusted according to on-line estimations of the mean and variance of the test statistic.Moreover,threshold violations are consecutively cumulated to reduce the disturbance of burst of network abnormalities.Performance analysis and simulation results show the minimum attack traffic that can be detected is about 30% of the legitimate traffic,with the probability of false alarm less than 10~(-6) and probability of a miss during the attacks less than 10~(-2),under the requirement that the detection delay be within 6 sampling periods. |
| |
| Keywords: | adaptive detection SYN flooding attacks source-end defense |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
