Journal of Southeast University (Natural Science Edition), 2017, Vol. 47, Issue (z1): 9-13, 5. DOI: 10.3969/j.issn.1001-0505.2017.S1.002
Authenticity analysis on DDoS attack detection for IDS
Abstract
To solve the problem that an IDS cannot be effectively used for DDoS attack response due to the uncertainty of its detection results, an algorithm for testing the authenticity of DDoS attack detection results given by an IDS is proposed. Firstly, by analyzing typical attack detection cases, the causes of IDS misjudgment on DDoS attacks are studied. Secondly, according to these causes, a set of characteristics of real DDoS attacks is proposed, including source address forgery, inconsistency of message characteristic measure, etc. These features can be described by formal methods and can support the authenticity analysis of the DDoS detection results of an IDS. Finally, based on the set of rules established by using these features, an algorithm to determine the authenticity of each DDoS attack detection result of the IDS is given and applied to an IDS that takes flow records as data sources and works on large network boundaries. The operation results based on actual network traffic show that the proposed algorithm can accurately and effectively correct the misjudgments generated by the IDS detection method based on rule matching.
Key words
DDoS detection/attack misjudgment/source address analysis/threat response
Classification
Information Technology and Security Science
Cite this article
李盼辉, 丁伟, 任文韬, 夏震. Authenticity analysis on DDoS attack detection for IDS [J]. Journal of Southeast University (Natural Science Edition), 2017, 47(z1): 9-13, 5.
Funding
Supported by the National Natural Science Foundation of China (61602114).