server隐士ddos
隐士ddos 时间:2021-01-13 阅读:()
DetectingDDoSattackbasedonPSOClusteringalgorithmXiaohongHao1,a,BoyuMeng1,b,KaichengGu1,c1SchoolofComputer&Communication,LanZhouUniversityofTechnology,Lanzhou730050a;316475958@qq.
combboyu8816@163.
com;cgkc1314@qq.
comKeyword:application-tierDistributedDenialofService;browsebehavior;particleclusteringalgorithm;anomalydetection.
Abstract.
First,thisarticleanalyzestheApplicationlayerDistributedDenialofService(DDoS)'sattackprincipleandcharacteristic.
Accordingtothedifferencebetweennormalusers'browsingpatternsandabnormalones,usersessionsareextractedfromtheweblogsofnormalusersandsimilaritiesbetweendifferentsessionsarecalculated.
BecausetraditionalK-meanClusteringalgorithmiseasytofailintolocaloptimal,theParticleSwarmOptimizationK-meanClusteringalgorithmisusedtogenerateadetectingmodel.
ThismodelcanbeenusedtodetectwhethertheundeterminedsessionsareDDoSattacksornot.
Theexperimentshowthatthismethodcandetectattackseffectivelyandhaveagoodperformanceinadaptability.
IntroductionDistributeddenialofserviceattacksisoneofthemajorthreatstothesecurityoftheInternet,whichintheabsenceofanywarningconsumeresourcesofthetarget,itcanbemadeatthenetworklayerorapplicationlayer[1].
ApplicationlayerDDoShavetwoattackmethods[2]:bandwidthdepletionmodeandthehostresourcedepletionmode.
Atpresent,methodstosolvethesesimilarproblemincluding:Intrusiondetectiontechnologybasedondatapacket[3]Detectionmethodbasedonflowlimitation[4],Detectionmethodbasedonfrequencyofaccess[5],DetectionmethodbasedonHiddensemi-Markovmodel[6],Detectionmethodbasedontheanalysisofuserbehaviordatamining[7].
Theliterature[8]proposesanewDosdetectionbasedondatamining,whichcombinedApriorialgorithmandk-meanclusteringalgorithm.
ItusingnetworkdatatodetectDDoS,soitcannotcopewiththeapplicationlayerDDos.
Thek-meanalgorithmhaveitselfflawed,itoverlyneedtoselectthefitclustercentersandforsomeinitialvalue,itmayconvergetosub-optimalsolution.
ApplicationlayerDDoSdetectionbasedonPSOclusteringalgorithmPrincipleandmodelofdetection:ThispaperestablishdetectionmodelwhichisusingtoidentifytheapplicationlayerDDoSformanalysisuserbehavior.
SystemdesignasshowninFigure1.
Figure1.
systemmoduledesignDescriptionofuserbrowsingbehaviorTheWeblogrecordsinformationabouteachuseraccesstotheserver,itincludingtheuser'sIPaddress,client,customeridentification,timeofWebserverreceivestherequest,customerrequests,requeststatuscode,transmittedbytessuchassomeaccessdata.
ExtractWeblog,preprocesstheinformationandtranslatetheresultsintoSession:1122{,,u,,u,,,u}kkiiSipttt(1)CalculatethedistancebetweensessionsInordertomoreaccuratelydescribetheuserbrowsingbehavior,betterreflectsthenormallegitimateusersandanomalyattacksusersbrowseaccesstothedifferenceinbehavior,soanalysisthesimilaritiesanddifferencesincontent,time,page-viewsandsequence.
Thispaperrefertothemethodwhichusethreevectorsandamatrixtodetaileddescripttheuser'ssessionfeatures.
Thencalculatethesimilaritybetweensession,themoresimilaritythedistancemoresmall.
Sotheabstractdistancecanbedefinedas1d=.
Definition1(contentvector):12(w,w,,w)knW,lengthofthevectorisn.
Itindicatestheservercontainspagenumber.
Theformulaisasfollows:[1,n](W,W)(W,W)iipqipqn()()(2)Definition2(timevector):12(t,t,,t)knT1,lengthofthevectorisn.
Itofuserbrowsingpagei.
Thesimilarityformulaoftwohitvectorsisasfollows:(T,T)1d(T,T)pqpq(3)Definition3(hitvector):12(hit,hit,,hit)knHit,lengthofthevectorisn.
Itindicatestimesnumberofauserbrowsapage,itreflectstheuser'sinterestdegreeeachpages.
(Hit,Hit)1d(Hit,Hit)pqpq(4)Definition4(sequencematrix):kHisannmatrix,itrecordsthenumberoftimesofjumpingbetweenthevariouspagesinthesession.
Thesimilarityformulaoftwotimevectorsisasfollows:(i,j)(i,j)(1,n)(1,n)2(H,H)(H,H)pqijpqn(5)Consideringthesimilaritybetweenthreevectorandamatrix,theoverallsimilarity(S,S)pq,isasfollows:(W,W)(T,T)(Hit,Hit)(H,H)(S,S)4pqpqpqpqpq(6)Numericallygreater,thesessionaremoresimilar,thedistancebetweentheresessionsissmaller.
Sothedistanceisasfollows:Theformulaisasfollow1d(S,S)(S,S)pqpq(7)DetectionofattacksTheSessionsisdefinedas,{Si1,2,N}iS,,SiisaN-dimensionalpatternvector.
Thesolutionistodivide12M1,letthetotaldispersionoftheallclusterstobeminimum.
Thetotaldistanceofallsamplestothecorrespondingcluster'scentersisminimum.
Theformulaisasfollow:()1(S,)jijMijXJdS(8)()Sjisthecluster'scenterj,()(S,S)jidisthedistancebetweenthesampleandthecluster'scenterj.
PSOClusteringalgorithmThispaperconsiderthecluster'scenterasaparticle'scorrespondedsolution,theparticle'slocationiscombinedwithcluster'scenter.
TherearetwoformsofapplicationlayerDDoSattacksandnormaluser,sothenumberofclustersisM=3.
Algorithmflowchartisasfollows:idPgdPgdPFigure2.
FlowchartPSOclusteringalgorithmExperimentalresultsandanalysisThispaperusethedatafromCentralSouthUniversity'svisualresearchgroup.
TForthelargeamountsofthedata,thepaperrandomlycollect100sampleand20attacksampledatafromtheWeblogofuseraaccesslogs.
ProgramdevelopmentplatformisMATLAB2014a.
TheclusteranalysisresultsinFigure3.
DatSkItcanbattacksnumaccesstoleanalysis,thConclusioThispapapplicationalgorithmexceptionbehavior,dbetweeneaSimulationperformancReference[1]Fenapplication[2]Chulayer[D].
C[3]Douate-of-art[J[4]Sunacks[J].
AC[5]Mu].
Journalo[6]YiGuangdongtaSessiok120beseenthatmberslightegitimateusheaccuracynperanalysisnlayerDDanddescribaccessbehadescribetheachsession,nexperimenceinadaptaesnYan,Jiajian,2008,25uanXu.
ResChongqingugligerisC,J],ComputenChang-huCTEElectrouthuprasannofSoftwareXie.
Researg:SunYatFigure3.
onActualtmodeldetlymorethaser'sbehaviywillbeincstheprincipDoSattacksbeuser'sbeavior,accoreuser'sbrothendetectntsshowthability.
aWang,Jinfe(4):966searchandiUniversity,,MitrokotsaerNetwork,a,LiuBin.
onicaSINCnaM,Manim.
2007,4(18rchonkey-senUniveClusteringTablattackSess20tectionrateannumberoior.
IfincreareasedaccoplesandchadetectionmehaviorofbrdingtotheowsingbehattheattackshatthismeengZhao.
D-969.
mplementat,2012.
aA.
DDoS,2004,(44):SurveyonNCA.
2009,7(maranG.
Di8):967-977technologyersity,2008resultsofEle1ClusteriionDeteisabout86ofactualatasetheamouordingly.
aracteristicsmethodwhbrowsingWedifferenceaviorbydasbehaviorbethodcandDDoSattackationofDDoattacksand643-666.
NewSolutio(37):1562-1istributedByofHTTP8Euclideanspingresultsectingattack236%fromthtacksistheuntofthedofapplicatihichisbaseWebpages.
oflegitimaataminingtbyusingPardetectattackdetectionoSattackdeddefencesmonAgainst1570.
BasedonWeattackdetecpaceprojectkSessionheTable1.
emodelcanata,aftercoionlayerDDedonPartiConsiderthateandabnotechnique,cticleSwarmckseffectivnsummary[etectionalgmachanismsDistributedebUser'sBctiononapptionAccuracy86%ThereasonnnotreflectorrespondingDoSattacksicleSwarmheattacksanormaluser'calculatethmClusteringvelyandha[J].
Studyongorithmson:ClassificadDenialofSBrowsingBeplication-rate%nofdetectstallnormalgclusterings,provideaClusteringasanuser's'sbrowsingesimilaritygalgorithm.
aveagoodncomputerapplicationationandstServiceAttehaviours[Jlayer[D].
slgagsgy.
drn.
[7]FengyuWang,ShoufengCao,JunXiao.
ADDoSdetectionmethodofcommunityoutreachbasedonWebapplicationlayer[J].
Journalofsoftware,2013,24(6):1263-1273.
[8]NengGao,DengguoFeng,.
ADOSattackdetectionbasedondataminingtechnology[J].
ChineseJournalofComputers,2006,29(6):944-950
combboyu8816@163.
com;cgkc1314@qq.
comKeyword:application-tierDistributedDenialofService;browsebehavior;particleclusteringalgorithm;anomalydetection.
Abstract.
First,thisarticleanalyzestheApplicationlayerDistributedDenialofService(DDoS)'sattackprincipleandcharacteristic.
Accordingtothedifferencebetweennormalusers'browsingpatternsandabnormalones,usersessionsareextractedfromtheweblogsofnormalusersandsimilaritiesbetweendifferentsessionsarecalculated.
BecausetraditionalK-meanClusteringalgorithmiseasytofailintolocaloptimal,theParticleSwarmOptimizationK-meanClusteringalgorithmisusedtogenerateadetectingmodel.
ThismodelcanbeenusedtodetectwhethertheundeterminedsessionsareDDoSattacksornot.
Theexperimentshowthatthismethodcandetectattackseffectivelyandhaveagoodperformanceinadaptability.
IntroductionDistributeddenialofserviceattacksisoneofthemajorthreatstothesecurityoftheInternet,whichintheabsenceofanywarningconsumeresourcesofthetarget,itcanbemadeatthenetworklayerorapplicationlayer[1].
ApplicationlayerDDoShavetwoattackmethods[2]:bandwidthdepletionmodeandthehostresourcedepletionmode.
Atpresent,methodstosolvethesesimilarproblemincluding:Intrusiondetectiontechnologybasedondatapacket[3]Detectionmethodbasedonflowlimitation[4],Detectionmethodbasedonfrequencyofaccess[5],DetectionmethodbasedonHiddensemi-Markovmodel[6],Detectionmethodbasedontheanalysisofuserbehaviordatamining[7].
Theliterature[8]proposesanewDosdetectionbasedondatamining,whichcombinedApriorialgorithmandk-meanclusteringalgorithm.
ItusingnetworkdatatodetectDDoS,soitcannotcopewiththeapplicationlayerDDos.
Thek-meanalgorithmhaveitselfflawed,itoverlyneedtoselectthefitclustercentersandforsomeinitialvalue,itmayconvergetosub-optimalsolution.
ApplicationlayerDDoSdetectionbasedonPSOclusteringalgorithmPrincipleandmodelofdetection:ThispaperestablishdetectionmodelwhichisusingtoidentifytheapplicationlayerDDoSformanalysisuserbehavior.
SystemdesignasshowninFigure1.
Figure1.
systemmoduledesignDescriptionofuserbrowsingbehaviorTheWeblogrecordsinformationabouteachuseraccesstotheserver,itincludingtheuser'sIPaddress,client,customeridentification,timeofWebserverreceivestherequest,customerrequests,requeststatuscode,transmittedbytessuchassomeaccessdata.
ExtractWeblog,preprocesstheinformationandtranslatetheresultsintoSession:1122{,,u,,u,,,u}kkiiSipttt(1)CalculatethedistancebetweensessionsInordertomoreaccuratelydescribetheuserbrowsingbehavior,betterreflectsthenormallegitimateusersandanomalyattacksusersbrowseaccesstothedifferenceinbehavior,soanalysisthesimilaritiesanddifferencesincontent,time,page-viewsandsequence.
Thispaperrefertothemethodwhichusethreevectorsandamatrixtodetaileddescripttheuser'ssessionfeatures.
Thencalculatethesimilaritybetweensession,themoresimilaritythedistancemoresmall.
Sotheabstractdistancecanbedefinedas1d=.
Definition1(contentvector):12(w,w,,w)knW,lengthofthevectorisn.
Itindicatestheservercontainspagenumber.
Theformulaisasfollows:[1,n](W,W)(W,W)iipqipqn()()(2)Definition2(timevector):12(t,t,,t)knT1,lengthofthevectorisn.
Itofuserbrowsingpagei.
Thesimilarityformulaoftwohitvectorsisasfollows:(T,T)1d(T,T)pqpq(3)Definition3(hitvector):12(hit,hit,,hit)knHit,lengthofthevectorisn.
Itindicatestimesnumberofauserbrowsapage,itreflectstheuser'sinterestdegreeeachpages.
(Hit,Hit)1d(Hit,Hit)pqpq(4)Definition4(sequencematrix):kHisannmatrix,itrecordsthenumberoftimesofjumpingbetweenthevariouspagesinthesession.
Thesimilarityformulaoftwotimevectorsisasfollows:(i,j)(i,j)(1,n)(1,n)2(H,H)(H,H)pqijpqn(5)Consideringthesimilaritybetweenthreevectorandamatrix,theoverallsimilarity(S,S)pq,isasfollows:(W,W)(T,T)(Hit,Hit)(H,H)(S,S)4pqpqpqpqpq(6)Numericallygreater,thesessionaremoresimilar,thedistancebetweentheresessionsissmaller.
Sothedistanceisasfollows:Theformulaisasfollow1d(S,S)(S,S)pqpq(7)DetectionofattacksTheSessionsisdefinedas,{Si1,2,N}iS,,SiisaN-dimensionalpatternvector.
Thesolutionistodivide12M1,letthetotaldispersionoftheallclusterstobeminimum.
Thetotaldistanceofallsamplestothecorrespondingcluster'scentersisminimum.
Theformulaisasfollow:()1(S,)jijMijXJdS(8)()Sjisthecluster'scenterj,()(S,S)jidisthedistancebetweenthesampleandthecluster'scenterj.
PSOClusteringalgorithmThispaperconsiderthecluster'scenterasaparticle'scorrespondedsolution,theparticle'slocationiscombinedwithcluster'scenter.
TherearetwoformsofapplicationlayerDDoSattacksandnormaluser,sothenumberofclustersisM=3.
Algorithmflowchartisasfollows:idPgdPgdPFigure2.
FlowchartPSOclusteringalgorithmExperimentalresultsandanalysisThispaperusethedatafromCentralSouthUniversity'svisualresearchgroup.
TForthelargeamountsofthedata,thepaperrandomlycollect100sampleand20attacksampledatafromtheWeblogofuseraaccesslogs.
ProgramdevelopmentplatformisMATLAB2014a.
TheclusteranalysisresultsinFigure3.
DatSkItcanbattacksnumaccesstoleanalysis,thConclusioThispapapplicationalgorithmexceptionbehavior,dbetweeneaSimulationperformancReference[1]Fenapplication[2]Chulayer[D].
C[3]Douate-of-art[J[4]Sunacks[J].
AC[5]Mu].
Journalo[6]YiGuangdongtaSessiok120beseenthatmberslightegitimateusheaccuracynperanalysisnlayerDDanddescribaccessbehadescribetheachsession,nexperimenceinadaptaesnYan,Jiajian,2008,25uanXu.
ResChongqingugligerisC,J],ComputenChang-huCTEElectrouthuprasannofSoftwareXie.
Researg:SunYatFigure3.
onActualtmodeldetlymorethaser'sbehaviywillbeincstheprincipDoSattacksbeuser'sbeavior,accoreuser'sbrothendetectntsshowthability.
aWang,Jinfe(4):966searchandiUniversity,,MitrokotsaerNetwork,a,LiuBin.
onicaSINCnaM,Manim.
2007,4(18rchonkey-senUniveClusteringTablattackSess20tectionrateannumberoior.
IfincreareasedaccoplesandchadetectionmehaviorofbrdingtotheowsingbehattheattackshatthismeengZhao.
D-969.
mplementat,2012.
aA.
DDoS,2004,(44):SurveyonNCA.
2009,7(maranG.
Di8):967-977technologyersity,2008resultsofEle1ClusteriionDeteisabout86ofactualatasetheamouordingly.
aracteristicsmethodwhbrowsingWedifferenceaviorbydasbehaviorbethodcandDDoSattackationofDDoattacksand643-666.
NewSolutio(37):1562-1istributedByofHTTP8Euclideanspingresultsectingattack236%fromthtacksistheuntofthedofapplicatihichisbaseWebpages.
oflegitimaataminingtbyusingPardetectattackdetectionoSattackdeddefencesmonAgainst1570.
BasedonWeattackdetecpaceprojectkSessionheTable1.
emodelcanata,aftercoionlayerDDedonPartiConsiderthateandabnotechnique,cticleSwarmckseffectivnsummary[etectionalgmachanismsDistributedebUser'sBctiononapptionAccuracy86%ThereasonnnotreflectorrespondingDoSattacksicleSwarmheattacksanormaluser'calculatethmClusteringvelyandha[J].
Studyongorithmson:ClassificadDenialofSBrowsingBeplication-rate%nofdetectstallnormalgclusterings,provideaClusteringasanuser's'sbrowsingesimilaritygalgorithm.
aveagoodncomputerapplicationationandstServiceAttehaviours[Jlayer[D].
slgagsgy.
drn.
[7]FengyuWang,ShoufengCao,JunXiao.
ADDoSdetectionmethodofcommunityoutreachbasedonWebapplicationlayer[J].
Journalofsoftware,2013,24(6):1263-1273.
[8]NengGao,DengguoFeng,.
ADOSattackdetectionbasedondataminingtechnology[J].
ChineseJournalofComputers,2006,29(6):944-950
- server隐士ddos相关文档
- 联网隐士ddos
- SPCIFICATIONS隐士ddos
- unrelated隐士ddos
- contact隐士ddos
- including隐士ddos
- chiffres隐士ddos
VirtVPS抗投诉瑞士VPS上线10美元/月
专心做抗投诉服务器的VirtVPS上线瑞士机房,看中的就是瑞士对隐私的保护,有需要欧洲抗投诉VPS的朋友不要错过了。VirtVPS这次上新的瑞士服务器采用E-2276G处理器,Windows/Linux操作系统可选。VirtVPS成立于2018年,主营荷兰、芬兰、德国、英国机房的离岸虚拟主机托管、VPS、独立服务器、游戏服务器和外汇服务器业务。VirtVPS 提供世界上最全面的安全、完全受保护和私...
JustHost,最新高性价比超便宜俄罗斯CN2 VPS云服务器终身8折优惠,最低仅8元/月起,200Mbps带宽不限流量,五大机房自助自由切换,免费更换IP,俄罗斯cn2vps怎么样,justhost云服务器速度及综合性能详细测评报告
主机参考最新消息:JustHost怎么样?JustHost服务器好不好?JustHost好不好?JustHost是一家成立于2006年的俄罗斯服务器提供商,支持支付宝付款,服务器价格便宜,200Mbps大带宽不限流量,支持免费更换5次IP,支持控制面板自由切换机房,目前JustHost有俄罗斯5个机房可以自由切换选择,最重要的还是价格真的特别便宜,最低只需要87卢布/月,约8.5元/月起!just...
DediPath($1.40),OpenVZ架构 1GB内存
DediPath 商家成立时间也不过三五年,商家提供的云服务器产品有包括KVM和OPENVZ架构的VPS主机。翻看前面的文章有几次提到这个商家其中机房还是比较多的。其实对于OPENVZ架构的VPS主机以前我们是遇到比较多,只不过这几年很多商家都陆续的全部用KVM和XEN架构替代。这次DediPath商家有基于OPENVZ架构提供低价的VPS主机。这次四折的促销活动不包括512MB内存方案。第一、D...
隐士ddos为你推荐
-
海外虚拟主机空间国外虚拟主机和国内空间的差别?美国主机租用租用美国服务器有什么优势?域名代理怎样通过卖域名赚钱?广东虚拟主机大家推荐一下广东地区稳定的IDCvps虚拟主机VPS主机、虚拟主机和云主机 它们之间有什么区别?它们哪一个比较好?域名备案查询如何查看网站备案已经成功中文域名注册查询域名还分中文和英文的吗,在哪里可以查到中文域名到期了?美国服务器托管美国服务器托管好还是租用好空间域名空间域名什么意思域名申请申请域名需要哪些流程具体点 谢谢