server隐士ddos
隐士ddos 时间:2021-01-13 阅读:()
DetectingDDoSattackbasedonPSOClusteringalgorithmXiaohongHao1,a,BoyuMeng1,b,KaichengGu1,c1SchoolofComputer&Communication,LanZhouUniversityofTechnology,Lanzhou730050a;316475958@qq.
combboyu8816@163.
com;cgkc1314@qq.
comKeyword:application-tierDistributedDenialofService;browsebehavior;particleclusteringalgorithm;anomalydetection.
Abstract.
First,thisarticleanalyzestheApplicationlayerDistributedDenialofService(DDoS)'sattackprincipleandcharacteristic.
Accordingtothedifferencebetweennormalusers'browsingpatternsandabnormalones,usersessionsareextractedfromtheweblogsofnormalusersandsimilaritiesbetweendifferentsessionsarecalculated.
BecausetraditionalK-meanClusteringalgorithmiseasytofailintolocaloptimal,theParticleSwarmOptimizationK-meanClusteringalgorithmisusedtogenerateadetectingmodel.
ThismodelcanbeenusedtodetectwhethertheundeterminedsessionsareDDoSattacksornot.
Theexperimentshowthatthismethodcandetectattackseffectivelyandhaveagoodperformanceinadaptability.
IntroductionDistributeddenialofserviceattacksisoneofthemajorthreatstothesecurityoftheInternet,whichintheabsenceofanywarningconsumeresourcesofthetarget,itcanbemadeatthenetworklayerorapplicationlayer[1].
ApplicationlayerDDoShavetwoattackmethods[2]:bandwidthdepletionmodeandthehostresourcedepletionmode.
Atpresent,methodstosolvethesesimilarproblemincluding:Intrusiondetectiontechnologybasedondatapacket[3]Detectionmethodbasedonflowlimitation[4],Detectionmethodbasedonfrequencyofaccess[5],DetectionmethodbasedonHiddensemi-Markovmodel[6],Detectionmethodbasedontheanalysisofuserbehaviordatamining[7].
Theliterature[8]proposesanewDosdetectionbasedondatamining,whichcombinedApriorialgorithmandk-meanclusteringalgorithm.
ItusingnetworkdatatodetectDDoS,soitcannotcopewiththeapplicationlayerDDos.
Thek-meanalgorithmhaveitselfflawed,itoverlyneedtoselectthefitclustercentersandforsomeinitialvalue,itmayconvergetosub-optimalsolution.
ApplicationlayerDDoSdetectionbasedonPSOclusteringalgorithmPrincipleandmodelofdetection:ThispaperestablishdetectionmodelwhichisusingtoidentifytheapplicationlayerDDoSformanalysisuserbehavior.
SystemdesignasshowninFigure1.
Figure1.
systemmoduledesignDescriptionofuserbrowsingbehaviorTheWeblogrecordsinformationabouteachuseraccesstotheserver,itincludingtheuser'sIPaddress,client,customeridentification,timeofWebserverreceivestherequest,customerrequests,requeststatuscode,transmittedbytessuchassomeaccessdata.
ExtractWeblog,preprocesstheinformationandtranslatetheresultsintoSession:1122{,,u,,u,,,u}kkiiSipttt(1)CalculatethedistancebetweensessionsInordertomoreaccuratelydescribetheuserbrowsingbehavior,betterreflectsthenormallegitimateusersandanomalyattacksusersbrowseaccesstothedifferenceinbehavior,soanalysisthesimilaritiesanddifferencesincontent,time,page-viewsandsequence.
Thispaperrefertothemethodwhichusethreevectorsandamatrixtodetaileddescripttheuser'ssessionfeatures.
Thencalculatethesimilaritybetweensession,themoresimilaritythedistancemoresmall.
Sotheabstractdistancecanbedefinedas1d=.
Definition1(contentvector):12(w,w,,w)knW,lengthofthevectorisn.
Itindicatestheservercontainspagenumber.
Theformulaisasfollows:[1,n](W,W)(W,W)iipqipqn()()(2)Definition2(timevector):12(t,t,,t)knT1,lengthofthevectorisn.
Itofuserbrowsingpagei.
Thesimilarityformulaoftwohitvectorsisasfollows:(T,T)1d(T,T)pqpq(3)Definition3(hitvector):12(hit,hit,,hit)knHit,lengthofthevectorisn.
Itindicatestimesnumberofauserbrowsapage,itreflectstheuser'sinterestdegreeeachpages.
(Hit,Hit)1d(Hit,Hit)pqpq(4)Definition4(sequencematrix):kHisannmatrix,itrecordsthenumberoftimesofjumpingbetweenthevariouspagesinthesession.
Thesimilarityformulaoftwotimevectorsisasfollows:(i,j)(i,j)(1,n)(1,n)2(H,H)(H,H)pqijpqn(5)Consideringthesimilaritybetweenthreevectorandamatrix,theoverallsimilarity(S,S)pq,isasfollows:(W,W)(T,T)(Hit,Hit)(H,H)(S,S)4pqpqpqpqpq(6)Numericallygreater,thesessionaremoresimilar,thedistancebetweentheresessionsissmaller.
Sothedistanceisasfollows:Theformulaisasfollow1d(S,S)(S,S)pqpq(7)DetectionofattacksTheSessionsisdefinedas,{Si1,2,N}iS,,SiisaN-dimensionalpatternvector.
Thesolutionistodivide12M1,letthetotaldispersionoftheallclusterstobeminimum.
Thetotaldistanceofallsamplestothecorrespondingcluster'scentersisminimum.
Theformulaisasfollow:()1(S,)jijMijXJdS(8)()Sjisthecluster'scenterj,()(S,S)jidisthedistancebetweenthesampleandthecluster'scenterj.
PSOClusteringalgorithmThispaperconsiderthecluster'scenterasaparticle'scorrespondedsolution,theparticle'slocationiscombinedwithcluster'scenter.
TherearetwoformsofapplicationlayerDDoSattacksandnormaluser,sothenumberofclustersisM=3.
Algorithmflowchartisasfollows:idPgdPgdPFigure2.
FlowchartPSOclusteringalgorithmExperimentalresultsandanalysisThispaperusethedatafromCentralSouthUniversity'svisualresearchgroup.
TForthelargeamountsofthedata,thepaperrandomlycollect100sampleand20attacksampledatafromtheWeblogofuseraaccesslogs.
ProgramdevelopmentplatformisMATLAB2014a.
TheclusteranalysisresultsinFigure3.
DatSkItcanbattacksnumaccesstoleanalysis,thConclusioThispapapplicationalgorithmexceptionbehavior,dbetweeneaSimulationperformancReference[1]Fenapplication[2]Chulayer[D].
C[3]Douate-of-art[J[4]Sunacks[J].
AC[5]Mu].
Journalo[6]YiGuangdongtaSessiok120beseenthatmberslightegitimateusheaccuracynperanalysisnlayerDDanddescribaccessbehadescribetheachsession,nexperimenceinadaptaesnYan,Jiajian,2008,25uanXu.
ResChongqingugligerisC,J],ComputenChang-huCTEElectrouthuprasannofSoftwareXie.
Researg:SunYatFigure3.
onActualtmodeldetlymorethaser'sbehaviywillbeincstheprincipDoSattacksbeuser'sbeavior,accoreuser'sbrothendetectntsshowthability.
aWang,Jinfe(4):966searchandiUniversity,,MitrokotsaerNetwork,a,LiuBin.
onicaSINCnaM,Manim.
2007,4(18rchonkey-senUniveClusteringTablattackSess20tectionrateannumberoior.
IfincreareasedaccoplesandchadetectionmehaviorofbrdingtotheowsingbehattheattackshatthismeengZhao.
D-969.
mplementat,2012.
aA.
DDoS,2004,(44):SurveyonNCA.
2009,7(maranG.
Di8):967-977technologyersity,2008resultsofEle1ClusteriionDeteisabout86ofactualatasetheamouordingly.
aracteristicsmethodwhbrowsingWedifferenceaviorbydasbehaviorbethodcandDDoSattackationofDDoattacksand643-666.
NewSolutio(37):1562-1istributedByofHTTP8Euclideanspingresultsectingattack236%fromthtacksistheuntofthedofapplicatihichisbaseWebpages.
oflegitimaataminingtbyusingPardetectattackdetectionoSattackdeddefencesmonAgainst1570.
BasedonWeattackdetecpaceprojectkSessionheTable1.
emodelcanata,aftercoionlayerDDedonPartiConsiderthateandabnotechnique,cticleSwarmckseffectivnsummary[etectionalgmachanismsDistributedebUser'sBctiononapptionAccuracy86%ThereasonnnotreflectorrespondingDoSattacksicleSwarmheattacksanormaluser'calculatethmClusteringvelyandha[J].
Studyongorithmson:ClassificadDenialofSBrowsingBeplication-rate%nofdetectstallnormalgclusterings,provideaClusteringasanuser's'sbrowsingesimilaritygalgorithm.
aveagoodncomputerapplicationationandstServiceAttehaviours[Jlayer[D].
slgagsgy.
drn.
[7]FengyuWang,ShoufengCao,JunXiao.
ADDoSdetectionmethodofcommunityoutreachbasedonWebapplicationlayer[J].
Journalofsoftware,2013,24(6):1263-1273.
[8]NengGao,DengguoFeng,.
ADOSattackdetectionbasedondataminingtechnology[J].
ChineseJournalofComputers,2006,29(6):944-950
combboyu8816@163.
com;cgkc1314@qq.
comKeyword:application-tierDistributedDenialofService;browsebehavior;particleclusteringalgorithm;anomalydetection.
Abstract.
First,thisarticleanalyzestheApplicationlayerDistributedDenialofService(DDoS)'sattackprincipleandcharacteristic.
Accordingtothedifferencebetweennormalusers'browsingpatternsandabnormalones,usersessionsareextractedfromtheweblogsofnormalusersandsimilaritiesbetweendifferentsessionsarecalculated.
BecausetraditionalK-meanClusteringalgorithmiseasytofailintolocaloptimal,theParticleSwarmOptimizationK-meanClusteringalgorithmisusedtogenerateadetectingmodel.
ThismodelcanbeenusedtodetectwhethertheundeterminedsessionsareDDoSattacksornot.
Theexperimentshowthatthismethodcandetectattackseffectivelyandhaveagoodperformanceinadaptability.
IntroductionDistributeddenialofserviceattacksisoneofthemajorthreatstothesecurityoftheInternet,whichintheabsenceofanywarningconsumeresourcesofthetarget,itcanbemadeatthenetworklayerorapplicationlayer[1].
ApplicationlayerDDoShavetwoattackmethods[2]:bandwidthdepletionmodeandthehostresourcedepletionmode.
Atpresent,methodstosolvethesesimilarproblemincluding:Intrusiondetectiontechnologybasedondatapacket[3]Detectionmethodbasedonflowlimitation[4],Detectionmethodbasedonfrequencyofaccess[5],DetectionmethodbasedonHiddensemi-Markovmodel[6],Detectionmethodbasedontheanalysisofuserbehaviordatamining[7].
Theliterature[8]proposesanewDosdetectionbasedondatamining,whichcombinedApriorialgorithmandk-meanclusteringalgorithm.
ItusingnetworkdatatodetectDDoS,soitcannotcopewiththeapplicationlayerDDos.
Thek-meanalgorithmhaveitselfflawed,itoverlyneedtoselectthefitclustercentersandforsomeinitialvalue,itmayconvergetosub-optimalsolution.
ApplicationlayerDDoSdetectionbasedonPSOclusteringalgorithmPrincipleandmodelofdetection:ThispaperestablishdetectionmodelwhichisusingtoidentifytheapplicationlayerDDoSformanalysisuserbehavior.
SystemdesignasshowninFigure1.
Figure1.
systemmoduledesignDescriptionofuserbrowsingbehaviorTheWeblogrecordsinformationabouteachuseraccesstotheserver,itincludingtheuser'sIPaddress,client,customeridentification,timeofWebserverreceivestherequest,customerrequests,requeststatuscode,transmittedbytessuchassomeaccessdata.
ExtractWeblog,preprocesstheinformationandtranslatetheresultsintoSession:1122{,,u,,u,,,u}kkiiSipttt(1)CalculatethedistancebetweensessionsInordertomoreaccuratelydescribetheuserbrowsingbehavior,betterreflectsthenormallegitimateusersandanomalyattacksusersbrowseaccesstothedifferenceinbehavior,soanalysisthesimilaritiesanddifferencesincontent,time,page-viewsandsequence.
Thispaperrefertothemethodwhichusethreevectorsandamatrixtodetaileddescripttheuser'ssessionfeatures.
Thencalculatethesimilaritybetweensession,themoresimilaritythedistancemoresmall.
Sotheabstractdistancecanbedefinedas1d=.
Definition1(contentvector):12(w,w,,w)knW,lengthofthevectorisn.
Itindicatestheservercontainspagenumber.
Theformulaisasfollows:[1,n](W,W)(W,W)iipqipqn()()(2)Definition2(timevector):12(t,t,,t)knT1,lengthofthevectorisn.
Itofuserbrowsingpagei.
Thesimilarityformulaoftwohitvectorsisasfollows:(T,T)1d(T,T)pqpq(3)Definition3(hitvector):12(hit,hit,,hit)knHit,lengthofthevectorisn.
Itindicatestimesnumberofauserbrowsapage,itreflectstheuser'sinterestdegreeeachpages.
(Hit,Hit)1d(Hit,Hit)pqpq(4)Definition4(sequencematrix):kHisannmatrix,itrecordsthenumberoftimesofjumpingbetweenthevariouspagesinthesession.
Thesimilarityformulaoftwotimevectorsisasfollows:(i,j)(i,j)(1,n)(1,n)2(H,H)(H,H)pqijpqn(5)Consideringthesimilaritybetweenthreevectorandamatrix,theoverallsimilarity(S,S)pq,isasfollows:(W,W)(T,T)(Hit,Hit)(H,H)(S,S)4pqpqpqpqpq(6)Numericallygreater,thesessionaremoresimilar,thedistancebetweentheresessionsissmaller.
Sothedistanceisasfollows:Theformulaisasfollow1d(S,S)(S,S)pqpq(7)DetectionofattacksTheSessionsisdefinedas,{Si1,2,N}iS,,SiisaN-dimensionalpatternvector.
Thesolutionistodivide12M1,letthetotaldispersionoftheallclusterstobeminimum.
Thetotaldistanceofallsamplestothecorrespondingcluster'scentersisminimum.
Theformulaisasfollow:()1(S,)jijMijXJdS(8)()Sjisthecluster'scenterj,()(S,S)jidisthedistancebetweenthesampleandthecluster'scenterj.
PSOClusteringalgorithmThispaperconsiderthecluster'scenterasaparticle'scorrespondedsolution,theparticle'slocationiscombinedwithcluster'scenter.
TherearetwoformsofapplicationlayerDDoSattacksandnormaluser,sothenumberofclustersisM=3.
Algorithmflowchartisasfollows:idPgdPgdPFigure2.
FlowchartPSOclusteringalgorithmExperimentalresultsandanalysisThispaperusethedatafromCentralSouthUniversity'svisualresearchgroup.
TForthelargeamountsofthedata,thepaperrandomlycollect100sampleand20attacksampledatafromtheWeblogofuseraaccesslogs.
ProgramdevelopmentplatformisMATLAB2014a.
TheclusteranalysisresultsinFigure3.
DatSkItcanbattacksnumaccesstoleanalysis,thConclusioThispapapplicationalgorithmexceptionbehavior,dbetweeneaSimulationperformancReference[1]Fenapplication[2]Chulayer[D].
C[3]Douate-of-art[J[4]Sunacks[J].
AC[5]Mu].
Journalo[6]YiGuangdongtaSessiok120beseenthatmberslightegitimateusheaccuracynperanalysisnlayerDDanddescribaccessbehadescribetheachsession,nexperimenceinadaptaesnYan,Jiajian,2008,25uanXu.
ResChongqingugligerisC,J],ComputenChang-huCTEElectrouthuprasannofSoftwareXie.
Researg:SunYatFigure3.
onActualtmodeldetlymorethaser'sbehaviywillbeincstheprincipDoSattacksbeuser'sbeavior,accoreuser'sbrothendetectntsshowthability.
aWang,Jinfe(4):966searchandiUniversity,,MitrokotsaerNetwork,a,LiuBin.
onicaSINCnaM,Manim.
2007,4(18rchonkey-senUniveClusteringTablattackSess20tectionrateannumberoior.
IfincreareasedaccoplesandchadetectionmehaviorofbrdingtotheowsingbehattheattackshatthismeengZhao.
D-969.
mplementat,2012.
aA.
DDoS,2004,(44):SurveyonNCA.
2009,7(maranG.
Di8):967-977technologyersity,2008resultsofEle1ClusteriionDeteisabout86ofactualatasetheamouordingly.
aracteristicsmethodwhbrowsingWedifferenceaviorbydasbehaviorbethodcandDDoSattackationofDDoattacksand643-666.
NewSolutio(37):1562-1istributedByofHTTP8Euclideanspingresultsectingattack236%fromthtacksistheuntofthedofapplicatihichisbaseWebpages.
oflegitimaataminingtbyusingPardetectattackdetectionoSattackdeddefencesmonAgainst1570.
BasedonWeattackdetecpaceprojectkSessionheTable1.
emodelcanata,aftercoionlayerDDedonPartiConsiderthateandabnotechnique,cticleSwarmckseffectivnsummary[etectionalgmachanismsDistributedebUser'sBctiononapptionAccuracy86%ThereasonnnotreflectorrespondingDoSattacksicleSwarmheattacksanormaluser'calculatethmClusteringvelyandha[J].
Studyongorithmson:ClassificadDenialofSBrowsingBeplication-rate%nofdetectstallnormalgclusterings,provideaClusteringasanuser's'sbrowsingesimilaritygalgorithm.
aveagoodncomputerapplicationationandstServiceAttehaviours[Jlayer[D].
slgagsgy.
drn.
[7]FengyuWang,ShoufengCao,JunXiao.
ADDoSdetectionmethodofcommunityoutreachbasedonWebapplicationlayer[J].
Journalofsoftware,2013,24(6):1263-1273.
[8]NengGao,DengguoFeng,.
ADOSattackdetectionbasedondataminingtechnology[J].
ChineseJournalofComputers,2006,29(6):944-950
- server隐士ddos相关文档
- 联网隐士ddos
- SPCIFICATIONS隐士ddos
- unrelated隐士ddos
- contact隐士ddos
- including隐士ddos
- chiffres隐士ddos
AlphaVPS(€3.99/月)VPS年付15欧,AMD EYPC+NVMe系列起
AlphaVPS是一家保加利亚本土主机商(DA International Group Ltd),提供VPS主机及独立服务器租用等,数据中心包括美国(洛杉矶/纽约)、德国、英国和保加利亚等,公司办公地点跟他们提供的保加利亚数据中心在一栋楼内,自有硬件,提供IPv4+IPv6,支持PayPal或者信用卡等方式付款。商家提供的大硬盘VPS主机,提供128GB-2TB磁盘,最低年付15欧元起,也可以选择...
香港云服务器 1核 256M 19.9元/月 Mineserver Ltd
Mineserver(ASN142586|UK CompanyNumber 1351696),已经成立一年半。主营香港日本机房的VPS、物理服务器业务。Telegram群组: @mineserver1 | Discord群组: https://discord.gg/MTB8ww9GEA7折循环优惠:JP30(JPCN2宣布产品可以使用)8折循环优惠:CMI20(仅1024M以上套餐可以使用)9折循...
欧路云:美国CUVIP线路10G防御,8折优惠,19元/月起
欧路云新上了美国洛杉矶cera机房的云服务器,具备弹性云特征(可自定义需要的资源配置:E5-2660 V3、内存、硬盘、流量、带宽),直连网络(联通CUVIP线路),KVM虚拟,自带一个IP,支持购买多个IP,10G的DDoS防御。付款方式:PayPal、支付宝、微信、数字货币(BTC USDT LTC ETH)测试IP:23.224.49.126云服务器 全场8折 优惠码:zhujiceping...
隐士ddos为你推荐
-
网站空间购买网站空间购买注意事项手机网站空间我想建一手机网站,那位推荐一个域名便宜点的手机建站网址,空间小也没关系。虚拟主机mysql如何连接虚拟主机中的MYSQL长沙虚拟主机长沙双线虚拟主机湖南稳定双线虚拟主机湖南双线主机租用推荐一个?广西虚拟主机怎样建立虚拟机和本地计算机的桥接美国虚拟主机推荐美国独立ip虚拟主机哪儿有,推荐下?域名解析什么是域名解析,这个是干嘛的!!中文域名中文域名有哪写类型?新网域名新网域名如何办理过户?域名升级访问如何自动更新域名的IP?