Method for one-step forecasting Kalman filtering detection of LDoS attack

A Kalman-filtering-based detection method, applied in digital transmission systems, electrical components, transmission systems, etc., that addresses the insufficient detection rate of existing detection methods.

Inactive Publication Date: 2009-11-11
吴志军 +1

AI Technical Summary

Problems solved by technology

[0019] In order to overcome the defect that the detection rate of the existing detection method is not high enough, the present invent

Examples


Embodiment Construction

[0038] 1. In the simulated LDoS scenario of Figure 2, the router is a Cisco 2621 and the bottleneck bandwidth between routers is 10 Mbps. The other equipment configurations are shown in the table below:

[0039]

| Machine | IP address | Operating system |
|---|---|---|
| Attacker1 | 192.168.20.23 | Red Hat 9.0 |
| Attacker2 | 192.168.20.24 | Red Hat 9.0 |
| Legitimate user 1 | 192.168.20.25 | Windows 2000 |
| Legitimate user 2 | 192.168.20.26 | Windows 2000 |
| Victim | 192.168.40.8 | Red Hat 9.0 |

[0040] The legitimate user establishes a normal FTP connection with the victim (Victim) server, and the traffic changes at the user end and the server end are monitored. 180s after the flow has stabilized, the Attacker launches an LDoS attack; each attack lasts 540s, after which the legitimate user downloads normally for 180s, and so on. Reasonably set the parameter A (200ms, 5Mbps, 1s, 540) of the...


Abstract

The low-rate denial of service (LDoS) attack is a novel DoS attack. It sends periodic attack pulses to a victim, exploiting the retransmission timeout mechanism of the TCP protocol. Because the average attack rate of LDoS is low, it can evade traditional detection methods. To address the LDoS attack, the invention provides a detection method based on Kalman filtering. The method comprises the following steps: first, a detection period is set and the traffic at the victim end is sampled; then, a wavelet transform is applied to the sampled data and the wavelet coefficients are used to extract the waveform trend; next, a Kalman filtering algorithm is applied, and the error between the one-step prediction and the maximum likelihood estimate is taken as the evidence for detecting an abrupt change; finally, a t hypothesis test is used to judge the start and the end of the attack. Test results show that the method provided by the invention can effectively detect the LDoS attack.
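The four steps of the abstract (sample, wavelet trend, one-step prediction error, t test) can be sketched as follows. This is an added example, not the patent's own code: the Haar wavelet, the scalar random-walk state model, the values of `q`, `r`, `baseline`, `window` and `t_crit`, and the constructed traffic series are all assumptions made for illustration.

```python
import math
import statistics

def haar_trend(samples, levels=2):
    """Haar approximation branch, rescaled to signal units (pairwise means)."""
    for _ in range(levels):
        samples = [(samples[i] + samples[i + 1]) / 2
                   for i in range(0, len(samples) - 1, 2)]
    return samples

def one_step_errors(z, q=0.01, r=0.25):
    """Scalar random-walk Kalman filter; returns z[k] minus its one-step forecast."""
    x, p, errors = z[0], 1.0, []
    for zk in z[1:]:
        p_pred = p + q                 # forecast: state unchanged, variance grows
        err = zk - x                   # one-step prediction error
        gain = p_pred / (p_pred + r)   # Kalman gain
        x, p = x + gain * err, (1 - gain) * p_pred
        errors.append(err)
    return errors

def detect_ldos(samples, baseline=12, window=3, t_crit=4.0):
    """Return (start, end) trend indices where the t statistic crosses -/+ t_crit."""
    errors = one_step_errors(haar_trend(samples))
    sigma = statistics.stdev(errors[:baseline])   # assumed attack-free reference
    start = end = None
    for i in range(baseline, len(errors)):
        mean = sum(errors[i - window + 1:i + 1]) / window
        t = mean / (sigma / math.sqrt(window))    # H0: mean prediction error is 0
        if start is None and t < -t_crit:
            start = i + 1              # errors[i] belongs to trend point i + 1
        elif start is not None and end is None and t > t_crit:
            end = i + 1
    return start, end

def constructed_traffic():
    """Constructed victim-side throughput (Mbps): 80 normal, 80 attacked, 80 normal."""
    ripple = [-0.2, 0.0, 0.2, -0.1, 0.1]
    return [(2.0 if 80 <= i < 160 else 8.0) + ripple[i % 5] for i in range(240)]

if __name__ == "__main__":
    start, end = detect_ldos(constructed_traffic())
    # Each trend point covers 4 raw samples (two Haar levels).
    print("attack start at sample", start * 4, "end at sample", end * 4)
```

Because the variance is estimated from a separate attack-free baseline, the window mean divided by `sigma / sqrt(window)` is a t statistic with `baseline - 1` degrees of freedom; a drop in throughput drives it strongly negative and the recovery drives it strongly positive.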

Description

Technical field

[0001] The invention relates to a detection method for the low-rate denial of service (LDoS) attack, and belongs to the technical field of intrusion detection within computer network security.

Background technique

[0002] Denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are currently the biggest threat facing the Internet. A traditional denial of service attack mainly sends massive numbers of data packets from the attacking machine to consume the network or computing resources of the target server, so that users cannot use the server's resources and service is denied. This type of attack is called a flooding denial of service (FDoS, Flood DoS) attack; typical examples include the SYN/ACK flood attack, the UDP flood attack, the ICMP flood attack, etc. At present, there are many detection and defense methods fo...


Application Information

IPC(8): H04L12/26, H04L12/56, H04L29/06, H04L12/811
Inventor: 吴志军, 岳猛
Owner: 吴志军