Journal of Southeast University (Natural Science Edition), 2017, Vol. 47, Issue (z1): 20-24, 5. DOI: 10.3969/j.issn.1001-0505.2017.S1.004
DDoS detection and analysis system based on comprehensive scoring
Abstract
Because distributed denial of service (DDoS) attacks often use various methods, a comprehensive scoring algorithm is designed. The algorithm can combine several detection algorithms and give a comprehensive score to raise an alarm on attacks. Because current DDoS detection algorithms cannot provide the specific features of the attacks, an Apriori-Geo-AS algorithm and a port usage pattern classification algorithm based on the Kolmogorov-Smirnov test are designed. By improving the Apriori algorithm, the source address, port and geographic location information of the attack source are extracted more effectively. By comparing the port usage pattern with the ideal port usage pattern through the Kolmogorov-Smirnov test, the attacker's port usage pattern is further determined. Experimental results show that the comprehensive scoring based detection algorithm can achieve a false alarm rate of less than 0.2%. An analysis of an attack case in the Tsinghua University campus network demonstrates the effectiveness of the attack analysis.
Key words
distributed denial of service / anomaly detection / Apriori-Geo-AS algorithm / Kolmogorov-Smirnov test
Classification
Information Technology and Security Science
Cite this article
李星, 刘骥琛, 张千里. DDoS detection and analysis system based on comprehensive scoring [J]. Journal of Southeast University (Natural Science Edition), 2017, 47(z1): 20-24, 5.
Funding
National Key Research and Development Program of China (2017YFB0503703).