Application Research of Computers, 2012, Vol. 29, Issue (6): 2249-2252, 4. DOI: 10.3969/j.issn.1001-3695.2012.06.066
Detection method against SYN Flooding attacks based on source end by analysis of time series
Abstract
This paper proposed a source-end method for detecting DDoS attacks by analyzing abrupt changes in time series data. By detecting and predicting the data flow in the Internet at the source end, the method could judge whether SYN Flooding was occurring, providing a basis for the victim end. It extracted the characteristic information of the data flow by using the self-similarity of network traffic and the Bloom Filter algorithm, so that it could construct the time series of the network traffic flow and build an auto-regressive (AR) forecasting model. By dynamically forecasting the traffic flow and comparing with a definite threshold, a pre-alert was sent and a response was adopted in advance. The experimental results show that the scheme can count the number of data packets and the number of new IP data packets with a better detection rate and a lower false alarm rate; in addition, it can correctly predict the traffic flow in the next period, or even several periods, which can provide strong support for effectively defending against SYN Flooding attacks.
Key words
time series/Bloom Filter/auto-regressive model/SYN Flooding/source end
Classification
Information Technology and Security Science
Cite this article
王朝辉, 苏旸. Detection method against SYN Flooding attacks based on source end by analysis of time series [J]. Application Research of Computers, 2012, 29(6): 2249-2252, 4.
Funding
Natural Science Foundation of Shaanxi Province (2010JM8034)
Fund of the Engineering University of the Armed Police Force (wjy201027)