A "Baseline" service architecture for detecting DoS/DDoS attacks (denial-of-service / distributed denial-of-service attacks) is proposed, and its key "Shepherd" detection algorithm is implemented. The architecture leaves the definition of the indicators used to judge whether a service and its quality have been affected to the specific communicating processes, which makes it highly adaptable; it can be combined well with various existing intrusion detection systems and does not add excessive overhead to the host system. In addition, compared with other DoS/DDoS detection approaches, the Baseline service requires no changes to the Internet routing infrastructure to support it, which makes it a highly feasible DoS/DDoS detection scheme. Under ideal conditions, the Baseline service can achieve zero false positives for DoS/DDoS intrusions.