分布式拒绝服务(distributed denial of service,简称DDoS)攻击是当今互联网的重要威胁之一.基于攻击包所处网络层次,将DDoS攻击分为网络层DDoS攻击和应用层DDoS攻击,介绍了两类攻击的各种检测和控制方法,比较了处于不同部署位置控制方法的优劣.最后分析了现有检测和控制方法应对DDoS攻击的不足,并提出了DDoS过滤系统的未来发展趋势和相关技术难点.
Increasing time-spent online has amplified users' exposure to tile tilreat oI miormanon leakage. Although existing security systems (such as firewalls and intrusion detection systems) can satisfy most of the security requirements of network administrators, they are not suitable for detecting the activities of applying the HTTP-tunnel technique to steal users' private information. This paper focuses on a network behavior-based method to address the limitations of the existing protection systems. At first, it analyzes the normal network behavior pattern over HTI'P traffic and select four features. Then, it pres- ents an anomaly-based detection model that applies a hierarchical clustering technique and a scoring mechanism. It also uses real-world data to validate that the selected features are useful. The experiments have demonstrated that the model could achieve over 93% hit-rate with only about 3% false- positive rate. It is regarded confidently that the approach is a complementary technique to the existing security systems.
