Paper abstract

Time Series Analysis for One-Way Connection Density of Network Flow

Authors: Xu Tu (徐图) (School of Info. Sci. and Technol., Southwest Jiaotong Univ., Chengdu 610031, Sichuan, China); He Dake (何大可) (School of Info. Sci. and Technol., Southwest Jiaotong Univ., Chengdu 610031, Sichuan, China)

Received: 2006-07-03          Year, volume (issue), pages: 2007, 39(3): 136-140

Journal Name: Advanced Engineering Sciences (工程科学与技术)

Key words: distributed denial of service attack; One-Way Connection Density (OWCD); time series analysis

Funding: Sichuan Province Youth Science and Technology Foundation (07JQ0060)

Chinese abstract

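The difficulty in detecting distributed denial of service (DDoS) attacks is that attack packets do not differ in essence from normal packets; to identify DDoS correctly, the fundamental difference between it and normal flow must be found. Attack packets that use spoofed source IP addresses can exhaust the target host's network bandwidth and system resources, but they cannot establish complete two-way communication with the target. The concept of One-Way Connection Density (OWCD), which directly reflects anomalies in network flow, is therefore proposed and used to identify DDoS attacks. The time series of OWCD is also analyzed, revealing the properties of the OWCD series and providing a basis for using this indicator for DDoS detection. Experiments show that OWCD directly distinguishes normal flow from attack flow, that its series is a white noise series, and that it can serve as an independent indicator for DDoS detection. The OWCD series can not only detect DDoS attacks but also reflect attack intensity.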

English abstract

Detecting distributed denial of service (DDoS) attacks on the Internet with low false positive and false negative rates is a critical problem. However, detecting DDoS attacks precisely is very difficult, because there is no essential difference between attack flow and normal flow. Attack packets with spoofed source IP addresses, which consume the bandwidth and system resources of destination hosts, cannot build a two-way connection with the destination. From this point of view, a new concept that reflects anomalies in network flow, One-Way Connection Density (OWCD), which can detect DDoS attacks, was proposed. To understand the characteristics of the OWCD series, a time series analysis of the OWCD series was carried out and the OWCD was used to detect DDoS. Experiments showed that the OWCD series is a white noise series. It can not only detect DDoS attacks, but also indicate attack intensity.
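
An added sketch of the idea in the abstract, not the paper's own code. It assumes OWCD is the fraction of endpoint pairs in a time window for which packets were seen in one direction only, a definition the abstract does not spell out; the threshold rule, the function names and the sample traffic are also constructed here.

```python
from collections import defaultdict
from statistics import mean, pstdev

def owcd_series(packets, window=1.0):
    """Return {window_index: OWCD} for (timestamp, src, dst) packet records.

    Assumed definition: within each window a connection is an endpoint pair,
    and it is one-way when packets were seen in only one direction.
    """
    seen = defaultdict(lambda: defaultdict(set))  # window -> pair -> directions
    for ts, src, dst in packets:
        pair = tuple(sorted((src, dst)))
        seen[int(ts // window)][pair].add(src == pair[0])
    return {w: sum(len(d) == 1 for d in pairs.values()) / len(pairs)
            for w, pairs in sorted(seen.items())}

def flag_windows(series, baseline, k=3.0):
    """Flag windows whose OWCD exceeds baseline mean + k * std (assumed rule)."""
    base = [series[w] for w in baseline]
    limit = mean(base) + k * pstdev(base)
    return [w for w, v in series.items() if w not in baseline and v > limit]

def build_sample():
    """Constructed traffic: windows 0-3 normal, windows 4-5 spoofed-source flood."""
    server, pkts = "192.0.2.10", []
    for w in range(6):
        for i in range(10):  # clients whose requests are answered (two-way)
            c = f"203.0.113.{i + 1}"
            pkts += [(w + 0.1, c, server), (w + 0.2, server, c)]
        # Sources that never receive a reply: strays in normal windows,
        # spoofed addresses in the attack windows.
        unanswered = {4: 40, 5: 90}.get(w, w % 2)
        pkts += [(w + 0.3, f"198.51.100.{j + 1}", server)
                 for j in range(unanswered)]
    return pkts

if __name__ == "__main__":
    series = owcd_series(build_sample())
    for w, v in series.items():
        print(f"window {w}: OWCD = {v:.3f}")
    print("flagged:", flag_windows(series, baseline={0, 1, 2, 3}))
```

In the constructed data the heavier flood in window 5 gives a higher OWCD than window 4, which matches the abstract's point that the value tracks attack intensity as well as presence.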
