论文部分内容阅读
CC挑战黑洞(ChallengeCollapsar)是一种通过代理或僵尸主机发起的面向web服务器的DDoS分布式拒绝攻击。攻击者使用相对少量的并发请求,实现耗尽服务器资源的目的。本文通过分析互联网用户对web服务器的浏览行为和CC攻击者的攻击行为在服务器访问行为上的差异,建立URLHash命中表并且计算URL的离散度,快速区分攻击流量和正常用户流量。实验结果表明该方法快速有效地辨别攻击主机。
The CC Challenge Black Hole (ChallengeCollapsar) is a DDoS Distributed Denial of Attack for web server initiated by an agent or a bot host. An attacker uses a relatively small number of concurrent requests for the purpose of running out of server resources. In this paper, by analyzing the difference between the behavior of Internet users in browsing the web server and the attack behaviors of CC attackers in the server access behavior, we establish a URLHash hit table and calculate the discreteness of URL to quickly distinguish attack traffic and normal user traffic. The experimental results show that this method can distinguish the attack host quickly and effectively.