Detection method for distributed abnegation service aggression based on load prediction

A distributed rejection and load prediction technology, applied in the field of network security, can solve the problems of affecting the detection response time and the accuracy of the wavelet-neural network prediction model is not high enough, so as to reduce the delay of attack discovery, improve the accuracy of attack detection, and improve the timeliness Effect

Inactive Publication Date: 2009-07-29
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF0 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the accuracy of the wavelet-neural network prediction model established in this document is not high enough, which affects the detection response time

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method for distributed abnegation service aggression based on load prediction
  • Detection method for distributed abnegation service aggression based on load prediction
  • Detection method for distributed abnegation service aggression based on load prediction

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] The method of the present invention will be further described below in conjunction with the accompanying drawings.

[0052] The attack target of DDOS is the key server in the network, and the present invention adopts the number of concurrent connections as the measuring index to its load. For TCP-based services, the number of concurrent connections directly takes the number of Sockets. For DNS and other services that use UDP non-connection protocols, virtual connections can be used, and the five-tuple (protocol, source address, source port, destination address, destination port ) the same access as a connection, the effect is the same.

[0053] Let the time interval of sampling be Δt. Let x(i) represent the concurrency number of the i-th observation point, and X represent the time series of concurrent server connections, then

[0054] X = {x(1), x(2), x(3), ..., x(k), ...}

[0055] Constructs a historical series associated with forecasts from X.

[0056] Suppose the s...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a detection method of distributed denial of service attacks on the basis of load prediction, belonging to the technical field of network safety. The method comprises the steps of detecting a load value of a server, adopting the detection value to carry out load prediction, comparing the prediction value with an actual detection value, and judging whether an abnormal point exists and carrying out measures if so. The method is characterized in that: the steps adopting the detection value to carry out load prediction are that: 1) using a prediction method based on wavelet packets to carry out one-step prediction; 2) using the prediction method based on SVR to carry out one-step predication; and 3) using a nonlinear combination prediction method based on support vector regression to combine two single prediction results so as to obtain the final host-computer load prediction result. The detection method can improve the attack detection precision and effectively reduce the attack-discovering delay.

Description

technical field [0001] The invention relates to a method for detecting a network attack, in particular to a method for detecting a distributed denial of service attack based on load prediction, and belongs to the technical field of network security. Background technique [0002] Distributed Denial of Service (Distributed Denial of Service, DDoS) is a type of attack based on traditional Denial of Service (Denial of Serivce, DoS) attacks. Its principle is similar to DoS, except that it changes the one-to-one attack method of a single DoS, and uses more puppet machines to launch attacks and attack victims on a larger scale. DDoS attacks adopt a distributed and coordinated large-scale attack mode, which poses a great threat to the normal operation of the network. [0003] Typical DDoS attacks can be divided into two categories: direct DDoS attacks and reflective DDoS attacks. As shown in Figure 1. [0004] Figure 1(a) is a direct DDoS attack. The attacking host first invades...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L29/06G06F17/50
Inventor 胡昌振姚淑萍
Owner BEIJING INSTITUTE OF TECHNOLOGYGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap