欢迎您!东篱公司
退出
-
申报数据库
-
立项数据库
-
成果数据库
-
项目获奖数据库
中文摘要:
基于当前入侵检测技术在检测到攻击的情况下没有良好的反应蓑略过滤攻击流量这一问题,提出了基于攻击流量特征聚类的特征提取算法AFCAA(anomaly traffic character aggregation algorithm).针对一般DOS(denial of service)/DDOS(distributed denial of service)攻击流数据包头中具有某些相似的特性,AFCAA通过运用重心原理进行统计聚类,在一定的欧氏距离范围内对基于目的IP的攻击流样本相应字段进行聚类划分,动态地提取出攻击流的重心作为攻击的特征.然后,及时地把其特征传输给Net Filter,可以进行高效的过滤,并保护正常流量的传输.实验结果表明,对当前流行的多种拒绝服务攻击,应用AFCAA系统的软件路由器都能够较准确地获取异常流量的特征,从而有效地进行过滤,减少攻击包传播的危害,保护有限的网络资源.
英文摘要:
Under the situation of detecting attacks, current IDSs have no good reacting strategy to filter attack traffic. Based on network attacks' traffic characters, an anomaly traffic character aggregation algorithm (AFCAA) is put forward. Because normal DOS (denial of service)/DDOS (distributed denial of service) attack traffic has some characters in their packets' head, AFCAA uses the center of gravity theory to process statistic aggregation and aggregation partition based on the special field of the destination IP attack traffic in a fixed Euclid distance, and then it distills the center of attack traffic dynamically as the characters of attacks. Afterwards, through transmitting these characters to Net Filter, AFCAA can filter abnormal packets efficiently and protect the normal packet transmission. The experimental results show that the software router using AFCAA can efficiently find useful characters of prevalent DOS/DDOS attacks, reduce the harm of attack packets' spreading, and protect the limited network resources.
位置:
同期刊论文项目
