| 基于熵的DDoS攻击检测系统设计与实现 |
| |
| 引用本文: | 赵鹏,马斌,李一鹏.基于熵的DDoS攻击检测系统设计与实现[J].河北工程技术职业学院学报,2013(3):54-57. |
| |
| 作者姓名: | 赵鹏 马斌 李一鹏 |
| |
| 作者单位: | 河北省电力公司,石家庄050021 |
| |
| 摘 要: | 通过实时采集数据包并进行分析处理,实时统计数据包中SYN在TCP中的比率、UDP的收包速率、ICMP的收包速率。根据系统正常运行时所设定的阈值实现针对DDoS中SYNFlood、UDPFlood、ICMPFlood三种形式攻击的检测。当连续超过阈值3秒后。系统自动统计收到的数据包,找到数据包的来源。并通过信息熵算法分析攻击源是随机伪造IP源攻击还是单一攻击源。
|
| 关 键 词: | DDoS攻击 IP报文结构 TCP报文结构 信息熵 |
Design and Implementation of DDos Attack Detection System Based on Entropy |
| |
| Authors: | ZHAO Peng MA Bin LI Yi-peng |
| |
| Institution: | (Hebei Electric Power Corporation,Shijiazhuang 050021, China) |
| |
| Abstract: | By analyzing and processing of real-time data packets,real-time ratio of SYN and TCP and rate of UDP and ICMP are computed. Three forms of DDos attack: SYNFlood,UDPFlood,ICMPFlood are detected based on the threshold of system during normal operation. The system automatic counts the received data packets and finds out their sources after three seconds over the threshold. According to the information entropy algorithm,random counterfeit IP attack source or a single attack source is analyzed. |
| |
| Keywords: | DDos attack IP message structure TCP message structure information entropy |
| 本文献已被 维普 等数据库收录! |
