server隐士ddos
隐士ddos 时间:2021-01-13 阅读:()
DetectingDDoSattackbasedonPSOClusteringalgorithmXiaohongHao1,a,BoyuMeng1,b,KaichengGu1,c1SchoolofComputer&Communication,LanZhouUniversityofTechnology,Lanzhou730050a;316475958@qq.
combboyu8816@163.
com;cgkc1314@qq.
comKeyword:application-tierDistributedDenialofService;browsebehavior;particleclusteringalgorithm;anomalydetection.
Abstract.
First,thisarticleanalyzestheApplicationlayerDistributedDenialofService(DDoS)'sattackprincipleandcharacteristic.
Accordingtothedifferencebetweennormalusers'browsingpatternsandabnormalones,usersessionsareextractedfromtheweblogsofnormalusersandsimilaritiesbetweendifferentsessionsarecalculated.
BecausetraditionalK-meanClusteringalgorithmiseasytofailintolocaloptimal,theParticleSwarmOptimizationK-meanClusteringalgorithmisusedtogenerateadetectingmodel.
ThismodelcanbeenusedtodetectwhethertheundeterminedsessionsareDDoSattacksornot.
Theexperimentshowthatthismethodcandetectattackseffectivelyandhaveagoodperformanceinadaptability.
IntroductionDistributeddenialofserviceattacksisoneofthemajorthreatstothesecurityoftheInternet,whichintheabsenceofanywarningconsumeresourcesofthetarget,itcanbemadeatthenetworklayerorapplicationlayer[1].
ApplicationlayerDDoShavetwoattackmethods[2]:bandwidthdepletionmodeandthehostresourcedepletionmode.
Atpresent,methodstosolvethesesimilarproblemincluding:Intrusiondetectiontechnologybasedondatapacket[3]Detectionmethodbasedonflowlimitation[4],Detectionmethodbasedonfrequencyofaccess[5],DetectionmethodbasedonHiddensemi-Markovmodel[6],Detectionmethodbasedontheanalysisofuserbehaviordatamining[7].
Theliterature[8]proposesanewDosdetectionbasedondatamining,whichcombinedApriorialgorithmandk-meanclusteringalgorithm.
ItusingnetworkdatatodetectDDoS,soitcannotcopewiththeapplicationlayerDDos.
Thek-meanalgorithmhaveitselfflawed,itoverlyneedtoselectthefitclustercentersandforsomeinitialvalue,itmayconvergetosub-optimalsolution.
ApplicationlayerDDoSdetectionbasedonPSOclusteringalgorithmPrincipleandmodelofdetection:ThispaperestablishdetectionmodelwhichisusingtoidentifytheapplicationlayerDDoSformanalysisuserbehavior.
SystemdesignasshowninFigure1.
Figure1.
systemmoduledesignDescriptionofuserbrowsingbehaviorTheWeblogrecordsinformationabouteachuseraccesstotheserver,itincludingtheuser'sIPaddress,client,customeridentification,timeofWebserverreceivestherequest,customerrequests,requeststatuscode,transmittedbytessuchassomeaccessdata.
ExtractWeblog,preprocesstheinformationandtranslatetheresultsintoSession:1122{,,u,,u,,,u}kkiiSipttt(1)CalculatethedistancebetweensessionsInordertomoreaccuratelydescribetheuserbrowsingbehavior,betterreflectsthenormallegitimateusersandanomalyattacksusersbrowseaccesstothedifferenceinbehavior,soanalysisthesimilaritiesanddifferencesincontent,time,page-viewsandsequence.
Thispaperrefertothemethodwhichusethreevectorsandamatrixtodetaileddescripttheuser'ssessionfeatures.
Thencalculatethesimilaritybetweensession,themoresimilaritythedistancemoresmall.
Sotheabstractdistancecanbedefinedas1d=.
Definition1(contentvector):12(w,w,,w)knW,lengthofthevectorisn.
Itindicatestheservercontainspagenumber.
Theformulaisasfollows:[1,n](W,W)(W,W)iipqipqn()()(2)Definition2(timevector):12(t,t,,t)knT1,lengthofthevectorisn.
Itofuserbrowsingpagei.
Thesimilarityformulaoftwohitvectorsisasfollows:(T,T)1d(T,T)pqpq(3)Definition3(hitvector):12(hit,hit,,hit)knHit,lengthofthevectorisn.
Itindicatestimesnumberofauserbrowsapage,itreflectstheuser'sinterestdegreeeachpages.
(Hit,Hit)1d(Hit,Hit)pqpq(4)Definition4(sequencematrix):kHisannmatrix,itrecordsthenumberoftimesofjumpingbetweenthevariouspagesinthesession.
Thesimilarityformulaoftwotimevectorsisasfollows:(i,j)(i,j)(1,n)(1,n)2(H,H)(H,H)pqijpqn(5)Consideringthesimilaritybetweenthreevectorandamatrix,theoverallsimilarity(S,S)pq,isasfollows:(W,W)(T,T)(Hit,Hit)(H,H)(S,S)4pqpqpqpqpq(6)Numericallygreater,thesessionaremoresimilar,thedistancebetweentheresessionsissmaller.
Sothedistanceisasfollows:Theformulaisasfollow1d(S,S)(S,S)pqpq(7)DetectionofattacksTheSessionsisdefinedas,{Si1,2,N}iS,,SiisaN-dimensionalpatternvector.
Thesolutionistodivide12M1,letthetotaldispersionoftheallclusterstobeminimum.
Thetotaldistanceofallsamplestothecorrespondingcluster'scentersisminimum.
Theformulaisasfollow:()1(S,)jijMijXJdS(8)()Sjisthecluster'scenterj,()(S,S)jidisthedistancebetweenthesampleandthecluster'scenterj.
PSOClusteringalgorithmThispaperconsiderthecluster'scenterasaparticle'scorrespondedsolution,theparticle'slocationiscombinedwithcluster'scenter.
TherearetwoformsofapplicationlayerDDoSattacksandnormaluser,sothenumberofclustersisM=3.
Algorithmflowchartisasfollows:idPgdPgdPFigure2.
FlowchartPSOclusteringalgorithmExperimentalresultsandanalysisThispaperusethedatafromCentralSouthUniversity'svisualresearchgroup.
TForthelargeamountsofthedata,thepaperrandomlycollect100sampleand20attacksampledatafromtheWeblogofuseraaccesslogs.
ProgramdevelopmentplatformisMATLAB2014a.
TheclusteranalysisresultsinFigure3.
DatSkItcanbattacksnumaccesstoleanalysis,thConclusioThispapapplicationalgorithmexceptionbehavior,dbetweeneaSimulationperformancReference[1]Fenapplication[2]Chulayer[D].
C[3]Douate-of-art[J[4]Sunacks[J].
AC[5]Mu].
Journalo[6]YiGuangdongtaSessiok120beseenthatmberslightegitimateusheaccuracynperanalysisnlayerDDanddescribaccessbehadescribetheachsession,nexperimenceinadaptaesnYan,Jiajian,2008,25uanXu.
ResChongqingugligerisC,J],ComputenChang-huCTEElectrouthuprasannofSoftwareXie.
Researg:SunYatFigure3.
onActualtmodeldetlymorethaser'sbehaviywillbeincstheprincipDoSattacksbeuser'sbeavior,accoreuser'sbrothendetectntsshowthability.
aWang,Jinfe(4):966searchandiUniversity,,MitrokotsaerNetwork,a,LiuBin.
onicaSINCnaM,Manim.
2007,4(18rchonkey-senUniveClusteringTablattackSess20tectionrateannumberoior.
IfincreareasedaccoplesandchadetectionmehaviorofbrdingtotheowsingbehattheattackshatthismeengZhao.
D-969.
mplementat,2012.
aA.
DDoS,2004,(44):SurveyonNCA.
2009,7(maranG.
Di8):967-977technologyersity,2008resultsofEle1ClusteriionDeteisabout86ofactualatasetheamouordingly.
aracteristicsmethodwhbrowsingWedifferenceaviorbydasbehaviorbethodcandDDoSattackationofDDoattacksand643-666.
NewSolutio(37):1562-1istributedByofHTTP8Euclideanspingresultsectingattack236%fromthtacksistheuntofthedofapplicatihichisbaseWebpages.
oflegitimaataminingtbyusingPardetectattackdetectionoSattackdeddefencesmonAgainst1570.
BasedonWeattackdetecpaceprojectkSessionheTable1.
emodelcanata,aftercoionlayerDDedonPartiConsiderthateandabnotechnique,cticleSwarmckseffectivnsummary[etectionalgmachanismsDistributedebUser'sBctiononapptionAccuracy86%ThereasonnnotreflectorrespondingDoSattacksicleSwarmheattacksanormaluser'calculatethmClusteringvelyandha[J].
Studyongorithmson:ClassificadDenialofSBrowsingBeplication-rate%nofdetectstallnormalgclusterings,provideaClusteringasanuser's'sbrowsingesimilaritygalgorithm.
aveagoodncomputerapplicationationandstServiceAttehaviours[Jlayer[D].
slgagsgy.
drn.
[7]FengyuWang,ShoufengCao,JunXiao.
ADDoSdetectionmethodofcommunityoutreachbasedonWebapplicationlayer[J].
Journalofsoftware,2013,24(6):1263-1273.
[8]NengGao,DengguoFeng,.
ADOSattackdetectionbasedondataminingtechnology[J].
ChineseJournalofComputers,2006,29(6):944-950
combboyu8816@163.
com;cgkc1314@qq.
comKeyword:application-tierDistributedDenialofService;browsebehavior;particleclusteringalgorithm;anomalydetection.
Abstract.
First,thisarticleanalyzestheApplicationlayerDistributedDenialofService(DDoS)'sattackprincipleandcharacteristic.
Accordingtothedifferencebetweennormalusers'browsingpatternsandabnormalones,usersessionsareextractedfromtheweblogsofnormalusersandsimilaritiesbetweendifferentsessionsarecalculated.
BecausetraditionalK-meanClusteringalgorithmiseasytofailintolocaloptimal,theParticleSwarmOptimizationK-meanClusteringalgorithmisusedtogenerateadetectingmodel.
ThismodelcanbeenusedtodetectwhethertheundeterminedsessionsareDDoSattacksornot.
Theexperimentshowthatthismethodcandetectattackseffectivelyandhaveagoodperformanceinadaptability.
IntroductionDistributeddenialofserviceattacksisoneofthemajorthreatstothesecurityoftheInternet,whichintheabsenceofanywarningconsumeresourcesofthetarget,itcanbemadeatthenetworklayerorapplicationlayer[1].
ApplicationlayerDDoShavetwoattackmethods[2]:bandwidthdepletionmodeandthehostresourcedepletionmode.
Atpresent,methodstosolvethesesimilarproblemincluding:Intrusiondetectiontechnologybasedondatapacket[3]Detectionmethodbasedonflowlimitation[4],Detectionmethodbasedonfrequencyofaccess[5],DetectionmethodbasedonHiddensemi-Markovmodel[6],Detectionmethodbasedontheanalysisofuserbehaviordatamining[7].
Theliterature[8]proposesanewDosdetectionbasedondatamining,whichcombinedApriorialgorithmandk-meanclusteringalgorithm.
ItusingnetworkdatatodetectDDoS,soitcannotcopewiththeapplicationlayerDDos.
Thek-meanalgorithmhaveitselfflawed,itoverlyneedtoselectthefitclustercentersandforsomeinitialvalue,itmayconvergetosub-optimalsolution.
ApplicationlayerDDoSdetectionbasedonPSOclusteringalgorithmPrincipleandmodelofdetection:ThispaperestablishdetectionmodelwhichisusingtoidentifytheapplicationlayerDDoSformanalysisuserbehavior.
SystemdesignasshowninFigure1.
Figure1.
systemmoduledesignDescriptionofuserbrowsingbehaviorTheWeblogrecordsinformationabouteachuseraccesstotheserver,itincludingtheuser'sIPaddress,client,customeridentification,timeofWebserverreceivestherequest,customerrequests,requeststatuscode,transmittedbytessuchassomeaccessdata.
ExtractWeblog,preprocesstheinformationandtranslatetheresultsintoSession:1122{,,u,,u,,,u}kkiiSipttt(1)CalculatethedistancebetweensessionsInordertomoreaccuratelydescribetheuserbrowsingbehavior,betterreflectsthenormallegitimateusersandanomalyattacksusersbrowseaccesstothedifferenceinbehavior,soanalysisthesimilaritiesanddifferencesincontent,time,page-viewsandsequence.
Thispaperrefertothemethodwhichusethreevectorsandamatrixtodetaileddescripttheuser'ssessionfeatures.
Thencalculatethesimilaritybetweensession,themoresimilaritythedistancemoresmall.
Sotheabstractdistancecanbedefinedas1d=.
Definition1(contentvector):12(w,w,,w)knW,lengthofthevectorisn.
Itindicatestheservercontainspagenumber.
Theformulaisasfollows:[1,n](W,W)(W,W)iipqipqn()()(2)Definition2(timevector):12(t,t,,t)knT1,lengthofthevectorisn.
Itofuserbrowsingpagei.
Thesimilarityformulaoftwohitvectorsisasfollows:(T,T)1d(T,T)pqpq(3)Definition3(hitvector):12(hit,hit,,hit)knHit,lengthofthevectorisn.
Itindicatestimesnumberofauserbrowsapage,itreflectstheuser'sinterestdegreeeachpages.
(Hit,Hit)1d(Hit,Hit)pqpq(4)Definition4(sequencematrix):kHisannmatrix,itrecordsthenumberoftimesofjumpingbetweenthevariouspagesinthesession.
Thesimilarityformulaoftwotimevectorsisasfollows:(i,j)(i,j)(1,n)(1,n)2(H,H)(H,H)pqijpqn(5)Consideringthesimilaritybetweenthreevectorandamatrix,theoverallsimilarity(S,S)pq,isasfollows:(W,W)(T,T)(Hit,Hit)(H,H)(S,S)4pqpqpqpqpq(6)Numericallygreater,thesessionaremoresimilar,thedistancebetweentheresessionsissmaller.
Sothedistanceisasfollows:Theformulaisasfollow1d(S,S)(S,S)pqpq(7)DetectionofattacksTheSessionsisdefinedas,{Si1,2,N}iS,,SiisaN-dimensionalpatternvector.
Thesolutionistodivide12M1,letthetotaldispersionoftheallclusterstobeminimum.
Thetotaldistanceofallsamplestothecorrespondingcluster'scentersisminimum.
Theformulaisasfollow:()1(S,)jijMijXJdS(8)()Sjisthecluster'scenterj,()(S,S)jidisthedistancebetweenthesampleandthecluster'scenterj.
PSOClusteringalgorithmThispaperconsiderthecluster'scenterasaparticle'scorrespondedsolution,theparticle'slocationiscombinedwithcluster'scenter.
TherearetwoformsofapplicationlayerDDoSattacksandnormaluser,sothenumberofclustersisM=3.
Algorithmflowchartisasfollows:idPgdPgdPFigure2.
FlowchartPSOclusteringalgorithmExperimentalresultsandanalysisThispaperusethedatafromCentralSouthUniversity'svisualresearchgroup.
TForthelargeamountsofthedata,thepaperrandomlycollect100sampleand20attacksampledatafromtheWeblogofuseraaccesslogs.
ProgramdevelopmentplatformisMATLAB2014a.
TheclusteranalysisresultsinFigure3.
DatSkItcanbattacksnumaccesstoleanalysis,thConclusioThispapapplicationalgorithmexceptionbehavior,dbetweeneaSimulationperformancReference[1]Fenapplication[2]Chulayer[D].
C[3]Douate-of-art[J[4]Sunacks[J].
AC[5]Mu].
Journalo[6]YiGuangdongtaSessiok120beseenthatmberslightegitimateusheaccuracynperanalysisnlayerDDanddescribaccessbehadescribetheachsession,nexperimenceinadaptaesnYan,Jiajian,2008,25uanXu.
ResChongqingugligerisC,J],ComputenChang-huCTEElectrouthuprasannofSoftwareXie.
Researg:SunYatFigure3.
onActualtmodeldetlymorethaser'sbehaviywillbeincstheprincipDoSattacksbeuser'sbeavior,accoreuser'sbrothendetectntsshowthability.
aWang,Jinfe(4):966searchandiUniversity,,MitrokotsaerNetwork,a,LiuBin.
onicaSINCnaM,Manim.
2007,4(18rchonkey-senUniveClusteringTablattackSess20tectionrateannumberoior.
IfincreareasedaccoplesandchadetectionmehaviorofbrdingtotheowsingbehattheattackshatthismeengZhao.
D-969.
mplementat,2012.
aA.
DDoS,2004,(44):SurveyonNCA.
2009,7(maranG.
Di8):967-977technologyersity,2008resultsofEle1ClusteriionDeteisabout86ofactualatasetheamouordingly.
aracteristicsmethodwhbrowsingWedifferenceaviorbydasbehaviorbethodcandDDoSattackationofDDoattacksand643-666.
NewSolutio(37):1562-1istributedByofHTTP8Euclideanspingresultsectingattack236%fromthtacksistheuntofthedofapplicatihichisbaseWebpages.
oflegitimaataminingtbyusingPardetectattackdetectionoSattackdeddefencesmonAgainst1570.
BasedonWeattackdetecpaceprojectkSessionheTable1.
emodelcanata,aftercoionlayerDDedonPartiConsiderthateandabnotechnique,cticleSwarmckseffectivnsummary[etectionalgmachanismsDistributedebUser'sBctiononapptionAccuracy86%ThereasonnnotreflectorrespondingDoSattacksicleSwarmheattacksanormaluser'calculatethmClusteringvelyandha[J].
Studyongorithmson:ClassificadDenialofSBrowsingBeplication-rate%nofdetectstallnormalgclusterings,provideaClusteringasanuser's'sbrowsingesimilaritygalgorithm.
aveagoodncomputerapplicationationandstServiceAttehaviours[Jlayer[D].
slgagsgy.
drn.
[7]FengyuWang,ShoufengCao,JunXiao.
ADDoSdetectionmethodofcommunityoutreachbasedonWebapplicationlayer[J].
Journalofsoftware,2013,24(6):1263-1273.
[8]NengGao,DengguoFeng,.
ADOSattackdetectionbasedondataminingtechnology[J].
ChineseJournalofComputers,2006,29(6):944-950
- server隐士ddos相关文档
- 联网隐士ddos
- SPCIFICATIONS隐士ddos
- unrelated隐士ddos
- contact隐士ddos
- including隐士ddos
- chiffres隐士ddos
RAKSmart VPS主机半价活动 支持Windows系统 包含香港、日本机房
RAKSmart 商家最近动作还是比较大的,比如他们也在增加云服务器产品,目前已经包含美国圣何塞和洛杉矶机房,以及这个月有新增的中国香港机房,根据大趋势云服务器算是比较技术流的趋势。传统的VPS主机架构方案在技术层面上稍微落后一些,当然也是可以用的。不清楚是商家出于对于传统VPS主机清理库存,还是多渠道的产品化营销,看到RAKSmart VPS主机提供美国、香港和日本机房的半价促销,当然也包括其他...
CloudCone:洛杉矶MC机房KVM月付1.99美元起,支持支付宝/PayPal
CloudCone是一家成立于2017年的国外VPS主机商,提供独立服务器租用和VPS主机,其中VPS基于KVM架构,多个不同系列,譬如常规VPS、大硬盘VPS等等,数据中心在洛杉矶MC机房。商家2021年Flash Sale活动继续,最低每月1.99美元,支持7天退款到账户,支持使用PayPal或者支付宝付款,先充值后下单的方式。下面列出几款VPS主机配置信息。CPU:1core内存:768MB...
wordpress专业外贸建站主题 WordPress专业外贸企业网站搭建模版
WordPress专业外贸企业网站搭建模版,特色专业外贸企业风格 + 自适应网站开发设计 通用流行的外贸企业网站模块 + 更好的SEO搜索优化和收录 自定义多模块的产品展示功能 + 高效实用的后台自定义模块设置!采用标准的HTML5+CSS3语言开发,兼容当下的各种主流浏览器: IE 6+(以及类似360、遨游等基于IE内核的)、Firefox、Google Chrome、Safari、Opera...
隐士ddos为你推荐
-
vps虚拟主机虚拟主机和VPS的主要区别有哪些?主要是哪些参数不一样?vps汽车的VPS是什么,和GPS有什么区别com域名空间我想注册个.com域名和买一个100M空间。ip代理地址使用IP代理会有什么坏处吗?国内ip代理求一些国内《ip代理》地址大全美国服务器托管美国服务器托管好还是租用好域名备案什么是域名备案?成都虚拟空间成都市规划信息技术中心如何?免费网站空间免费网站空间哪个好虚拟主机控制面板我想问下虚拟主机的控制面板有哪些还不错的品牌呢?价格不能太高最好是性价比比较高一点就行了