[1] NI Tong-guang, GU Xiao-qing, WANG Hong-yuan. Detection of DDoS Attack Towards DNS Server Based on Time Series Analysis[J]. Journal of Changzhou University (Natural Science Edition), 2015, (02): 59-63. [doi:10.3969/j.issn.2095-0411.2015.02.013]

Detection of DDoS Attack Towards DNS Server Based on Time Series Analysis

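Journal of Changzhou University (Natural Science Edition) [ISSN: 2095-0411 / CN: 32-1822/N]

Volume:
Issue:
2015, No. 02
Pages:
59-63
Column:
Computer and Information Engineering
Publication date:
2015-04-25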

Article Info

Title:
Detection of DDoS Attack Towards DNS Server Based on Time Series Analysis
Author(s):
NI Tong-guang, GU Xiao-qing, WANG Hong-yuan
(School of Information Science and Engineering, Changzhou University, Changzhou 213164, China)
Keywords:
DNS server; distributed denial of service (DDoS); time series; adaptive autoregressive; support vector machine
CLC number:
TP 393.08
DOI:
10.3969/j.issn.2095-0411.2015.02.013
Document code:
A
Abstract:
The characteristics of distributed denial of service (DDoS) attacks against DNS servers are analyzed, and a novel method to detect such attacks is proposed based on the attack flow characteristics (AFC) time series. By fitting the parameters of an adaptive autoregressive (AAR) model, the AFC time series is transformed into a series of AAR model parameter vectors in a multidimensional space. A support vector machine classifier is then applied to identify the attacks. The experimental results show that this method can effectively detect DDoS attacks against DNS servers.


Memo:
Supported by the National Natural Science Foundation of China (61070121).
Last Update: 2015-05-20