Abstract
To address the low detection rates and long detection times of existing DoS attack detection algorithms, a DoS attack detection algorithm based on higher-order statistics is proposed. The algorithm segments and quantizes network traffic packets, extracts cumulant features, and applies the cumulants to DoS attack detection. Analysis of the 1998 DARPA intrusion detection data set shows that the algorithm detects DoS attacks effectively. Compared with the traditional anomaly detection method based on network traffic entropy, detection accuracy is considerably improved: within a 1 s time window, the detection rate increases by 8%.
Source
Journal of Beijing University of Technology
CAS
CSCD
PKU Core
2017, Issue 9, pp. 1328-1334 (7 pages)
Funding
National Natural Science Foundation of China (61602052, 61070204)
Keywords
network security
DoS attack
intrusion detection
accumulation
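About the author
Wang Xiujuan (1979-), female, lecturer; main research areas: machine learning, signal and information processing, and network security. E-mail: xjwang@bjut.edu.cn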