HTTPS DDoS detection: current state of research
from: https://jyx.jyu.fi/bitstream/handle/123456789/52275/1/URN%3ANBN%3Afi%3Ajyu-201612125051.pdf
The related literature is summarised as follows:
S1 Eliseev and Gurina (2016) Algorithms for network server anomaly behavior detection without traffic content inspection ACM 1
S2 Zolotukhin et al. (2016b) Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic Scopus 1
S3 Zolotukhin et al. (2016a) Increasing Web Service Availability by Detecting Application-Layer DDoS Attacks in Encrypted Traffic IEEE, Scopus 1
S4 Zolotukhin et al. (2015) Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol Scopus 1
S5 Petiz et al. (2014) Detecting DDoS Attacks at the Source Using Multiscaling Analysis IEEE 1
S6 Wang et al. (2015) DDoS attack protection in the era of cloud computing and Software-Defined Networking ScienceDirect 1
S7 Hoeve (2013) Detecting Intrusions in Encrypted Control Traffic ACM 1
S8 Amoli and Hämäläinen (2013) A Real Time Unsupervised NIDS for Detecting Unknown and Encrypted Network Attacks in High Speed Network IEEE 1
S9i Das, Sharma, and Bhattacharyya (2011) Detection of HTTP Flooding Attacks in Multiple Scenarios ACM 0
S10i Shiaeles et al. (2012) Real time DDoS detection using fuzzy estimators ScienceDirect 0
S11 Chen, Chen, and Delis (2007) An Inline Detection and Prevention Framework for Distributed Denial of Service Attacks Scopus 1
S12i Lee et al. (2008) DDoS attack detection method using cluster analysis ScienceDirect 0
S13i Caulkins, Lee, and Wang (2005) A Dynamic Data Mining Technique for Intrusion Detection Systems ACM 0
S14 Abimbola, Shi, and Merabti (2003) NetHost-Sensor: A Novel Concept in Intrusion Detection Systems IEEE 0
Detection methods for encrypted traffic:
Table 11. Detection methods in encrypted networks from included studies

| Study | Detection method | Strategy | Features |
|---|---|---|---|
| [S1] | Correlation functions & MLP | Statistical analysis & classification | Server response rate metrics |
| [S2] | Fuzzy c-means | Fuzzy clustering | Statistics and data from packet headers |
| [S3] | Single-linkage, K-means, fuzzy c-means, SOM, DBSCAN & SAE | Classification (NN) & clustering | Statistics and data from packet headers |
| [S4] | DBSCAN, K-means, k-NN, SOM, SVDD | Clustering | Packet header statistics |
| [S5] | Multiscaling analysis | Statistical analysis | Number of packets & average energy per timescale |
| [S6] | Probabilistic inference graphical model | Bayesian networks | Chow-Liu algorithm for feature decision |
| [S7] | Edit-distance-based searching | Statistical analysis & clustering | Time, size and direction of the packet |
| [S8] | DBSCAN | Statistical analysis & clustering | Packet header and flow data in different resolutions |
| [S11] | Signatures & stateful protocol analysis | Signature & stateful protocol analysis | TCP, UDP and ICMP packet headers and statistics as well as payload |
| [S14] | Snort signatures | Signature & system call sequence analysis | Packet payload |
Detection methods from non-encrypted traffic research:
Table 12. Applicable methods from non-encrypted research in included studies

| Study | Detection method | Strategy | Features |
|---|---|---|---|
| [S9i] | Statistical analysis, pattern disagreement and projected clustering | Statistical analysis and clustering | TCP header data & packet rate per interval |
| [S10i] | Fuzzy estimator | Statistical analysis | Mean time between network packets |
| [S12i] | Hierarchical clustering | Clustering | TCP header information & number of packets |
| [S13i] | Classification tree | Classification | TCP header data |
Detailed analysis:
The goal of "Algorithms for network server anomaly behavior detection without traffic content inspection" is anomaly detection:
[S1] Eliseev and Gurina (2016) use correlation functions of data block size & number of packets per time unit observed from the web server. They use long time intervals, i.e. three weeks of real data, to train. They propose two algorithms. The first looks at the Pearson correlation coefficient between cross-correlation functions in a similar time interval in the current and training sets. The second algorithm uses a multilayer perceptron (MLP) trained with the Levenberg-Marquardt algorithm to reconstruct the current cross-correlation functions; a threshold on the reconstruction error determines whether a function is anomalous. They say that these algorithms can be easily implemented as a lightweight DDoS HIDS in IoT devices. The method uses both statistical analysis and classification.
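A minimal version of the first [S1] algorithm, added here as an illustration (it is not the authors' code or the thesis's): the server's per-time-unit packet count and byte volume are turned into a cross-correlation function over a window, and the current window is flagged when the Pearson coefficient between its function and the training window's falls below a threshold. The lag range, threshold and the sample series are constructed for the example.

```python
from math import sqrt

def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either series is flat."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0          # a flat series carries no correlation structure
    return sxy / sqrt(sxx * syy)

def cross_correlation(bytes_ts, pkts_ts, max_lag=2):
    """Normalised cross-correlation r(k), k = -max_lag..max_lag,
    pairing bytes[t + k] with packets[t]."""
    n = len(bytes_ts)
    ccf = []
    for k in range(-max_lag, max_lag + 1):
        if k >= 0:
            a, b = bytes_ts[k:], pkts_ts[:n - k]
        else:
            a, b = bytes_ts[:n + k], pkts_ts[-k:]
        ccf.append(pearson(a, b))
    return ccf

def ccf_similarity(train_bytes, train_pkts, cur_bytes, cur_pkts, max_lag=2):
    """Pearson coefficient between the training-window CCF and the current one."""
    return pearson(cross_correlation(train_bytes, train_pkts, max_lag),
                   cross_correlation(cur_bytes, cur_pkts, max_lag))

def is_anomalous(train_bytes, train_pkts, cur_bytes, cur_pkts, threshold=0.8):
    """Anomaly when the current CCF no longer resembles the trained one."""
    return ccf_similarity(train_bytes, train_pkts, cur_bytes, cur_pkts) < threshold

# Constructed per-time-unit observations (packets and bytes seen by the server).
TRAIN_PKTS = [10, 14, 10, 6] * 3
TRAIN_BYTES = [p * 1500 for p in TRAIN_PKTS]      # normal: bytes track packets
NORMAL_PKTS = [20, 28, 20, 12] * 3                # busier window, same shape
NORMAL_BYTES = [p * 1200 for p in NORMAL_PKTS]
FLOOD_PKTS = [40 + 20 * i for i in range(12)]     # packet rate climbs ...
FLOOD_BYTES = [4000] * 12                         # ... while bytes stay flat

if __name__ == "__main__":
    print(is_anomalous(TRAIN_BYTES, TRAIN_PKTS, NORMAL_BYTES, NORMAL_PKTS))  # False
    print(is_anomalous(TRAIN_BYTES, TRAIN_PKTS, FLOOD_BYTES, FLOOD_PKTS))    # True
```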
S2 Zolotukhin et al. (2016b) Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic Scopus 1
[S2] Zolotukhin et al. (2016b) propose a method for detecting DDoS attacks in encrypted network traffic, in both the offline and the online case, using the fuzzy c-means clustering algorithm. In the method, they train the system with flow information such as conversation length, packet velocity, packet size averages, and flags. They build feature vectors from this information, normalising the values with min-max normalisation. They have two different versions of the algorithm: an online and an offline version. The tests of the method are conducted using the Realistic Global Cyber Environment (RGCE), where the attacks can be simulated as realistically as possible. Slowloris, SSLsqueeze, and some advanced DDoS attacks were tested in the system, and they found that the trivial cases such as Slowloris and SSLsqueeze were detected nearly 100% of the time, whereas the advanced DDoS attacks had only 70% accuracy when keeping the false positives to the minimum. In the categorisation used here, this method counts as clustering.
S3 Zolotukhin et al. (2016a) Increasing Web Service Availability by Detecting Application-Layer DDoS Attacks in Encrypted Traffic IEEE, Scopus 1
[S3] Zolotukhin et al. (2016a) study the application layer DDoS attacks in encrypted network traffic employing hierarchical, centroid- and density-based clustering algorithms and stacked auto-encoder (SAE). The features for clustering come from the packet header information and conversation to the server by each user. The conversations are mended together
S4 Zolotukhin et al. (2015) Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol Scopus 1
[S4] Zolotukhin et al. (2015) present a clustering-based anomaly-based detection method
S5 Petiz et al. (2014) Detecting DDoS Attacks at the Source Using Multiscaling Analysis IEEE 1
S6 Wang et al. (2015) DDoS attack protection in the era of cloud computing and Software-Defined Networking ScienceDirect 1
S7 Hoeve (2013) Detecting Intrusions in Encrypted Control Traffic ACM 1——I feel this method is fairly effective: first cluster by packet statistics, then within the same cluster compute the edit distance between packets to judge content similarity.
[S7] Hoeve (2013) explores an intrusion detection method for encrypted control traffic. A
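The edit-distance idea described for [S7] above, worked through as an added example (not Hoeve's code or the thesis's): each flow is tokenised from per-packet direction, size and inter-arrival time into a symbol sequence, flows are first grouped by coarse statistics (a simple bucketing stands in for the clustering step), and a flow is then compared by Levenshtein distance to the benign reference flows of its own group. The token buckets, the distance threshold and all flows are constructed for the example.

```python
def tokenize(packets):
    """packets: list of (direction, size_bytes, gap_ms); direction is 'c' or 's'.
    Payload is never inspected, so each packet becomes a coarse symbol."""
    out = []
    for d, size, gap in packets:
        s = 'S' if size < 200 else ('M' if size < 1000 else 'L')   # size bucket
        g = 'f' if gap < 50 else ('n' if gap < 500 else 'w')         # timing bucket
        out.append(d + s + g)
    return out

def group_key(packets):
    """Coarse statistics that decide which reference flows are comparable."""
    n = len(packets)
    mean = sum(p[1] for p in packets) / n
    return (min(n // 5, 4), 0 if mean < 500 else 1)

def edit_distance(a, b):
    """Levenshtein distance between two token sequences (or strings)."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (x != y)))
        prev = cur
    return prev[-1]

def nearest_reference(flow, references):
    """Smallest edit distance to a benign reference in the same group, or None."""
    key = group_key(flow)
    cands = [r for r in references if group_key(r) == key]
    if not cands:
        return None     # nothing comparable in this group: caller treats as unknown
    return min(edit_distance(tokenize(flow), tokenize(r)) for r in cands)

def is_anomalous(flow, references, max_distance=2):
    d = nearest_reference(flow, references)
    return d is None or d > max_distance

# Constructed flows: (direction, size, gap since previous packet in ms).
BENIGN_REF = [('c', 180, 0), ('s', 1400, 30), ('c', 120, 40), ('s', 1100, 20),
              ('c', 450, 100), ('s', 1200, 60), ('c', 60, 300)]
BENIGN_TEST = [('c', 170, 0), ('s', 1450, 25), ('c', 110, 45), ('s', 1050, 30),
               ('c', 480, 120), ('s', 1250, 70), ('c', 70, 250)]
FLOOD_FLOW = [('c', 180, 0), ('s', 1400, 30), ('c', 600, 5), ('s', 1300, 10),
              ('c', 600, 5), ('s', 1300, 10), ('c', 600, 5)]   # same group, new shape
UNSEEN_FLOW = [('c', 60, 0), ('c', 50, 800), ('c', 55, 900), ('c', 60, 850), ('c', 50, 900)]
REFERENCES = [BENIGN_REF]

if __name__ == "__main__":
    for name, flow in [("benign", BENIGN_TEST), ("flood", FLOOD_FLOW), ("unseen", UNSEEN_FLOW)]:
        print(name, nearest_reference(flow, REFERENCES), is_anomalous(flow, REFERENCES))
```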
S8 Amoli and Hämäläinen (2013) A Real Time Unsupervised NIDS for Detecting Unknown and Encrypted Network Attacks in High Speed Network IEEE 1——I did not understand this one...
[S8] Amoli and Hämäläinen (2013) have designed an NIDS to work with large amounts of
S9i Das, Sharma, and Bhattacharyya (2011) Detection of HTTP Flooding Attacks in Multiple Scenarios ACM 0
S10i Shiaeles et al. (2012) Real time DDoS detection using fuzzy estimators ScienceDirect 0
[S10i] Shiaeles et al. (2012) propose a detection method that uses the packet arrival times
S11 Chen, Chen, and Delis (2007) An Inline Detection and Prevention Framework for Distributed Denial of Service Attacks Scopus 1
S12i Lee et al. (2008) DDoS attack detection method using cluster analysis ScienceDirect 0
S13i Caulkins, Lee, and Wang (2005) A Dynamic Data Mining Technique for Intrusion Detection Systems ACM 0
Reposted from: https://www.cnblogs.com/bonelee/p/9627699.html