server隐士ddos
隐士ddos 时间:2021-01-13 阅读:()
DetectingDDoSattackbasedonPSOClusteringalgorithmXiaohongHao1,a,BoyuMeng1,b,KaichengGu1,c1SchoolofComputer&Communication,LanZhouUniversityofTechnology,Lanzhou730050a;316475958@qq.
combboyu8816@163.
com;cgkc1314@qq.
comKeyword:application-tierDistributedDenialofService;browsebehavior;particleclusteringalgorithm;anomalydetection.
Abstract.
First,thisarticleanalyzestheApplicationlayerDistributedDenialofService(DDoS)'sattackprincipleandcharacteristic.
Accordingtothedifferencebetweennormalusers'browsingpatternsandabnormalones,usersessionsareextractedfromtheweblogsofnormalusersandsimilaritiesbetweendifferentsessionsarecalculated.
BecausetraditionalK-meanClusteringalgorithmiseasytofailintolocaloptimal,theParticleSwarmOptimizationK-meanClusteringalgorithmisusedtogenerateadetectingmodel.
ThismodelcanbeenusedtodetectwhethertheundeterminedsessionsareDDoSattacksornot.
Theexperimentshowthatthismethodcandetectattackseffectivelyandhaveagoodperformanceinadaptability.
IntroductionDistributeddenialofserviceattacksisoneofthemajorthreatstothesecurityoftheInternet,whichintheabsenceofanywarningconsumeresourcesofthetarget,itcanbemadeatthenetworklayerorapplicationlayer[1].
ApplicationlayerDDoShavetwoattackmethods[2]:bandwidthdepletionmodeandthehostresourcedepletionmode.
Atpresent,methodstosolvethesesimilarproblemincluding:Intrusiondetectiontechnologybasedondatapacket[3]Detectionmethodbasedonflowlimitation[4],Detectionmethodbasedonfrequencyofaccess[5],DetectionmethodbasedonHiddensemi-Markovmodel[6],Detectionmethodbasedontheanalysisofuserbehaviordatamining[7].
Theliterature[8]proposesanewDosdetectionbasedondatamining,whichcombinedApriorialgorithmandk-meanclusteringalgorithm.
ItusingnetworkdatatodetectDDoS,soitcannotcopewiththeapplicationlayerDDos.
Thek-meanalgorithmhaveitselfflawed,itoverlyneedtoselectthefitclustercentersandforsomeinitialvalue,itmayconvergetosub-optimalsolution.
ApplicationlayerDDoSdetectionbasedonPSOclusteringalgorithmPrincipleandmodelofdetection:ThispaperestablishdetectionmodelwhichisusingtoidentifytheapplicationlayerDDoSformanalysisuserbehavior.
SystemdesignasshowninFigure1.
Figure1.
systemmoduledesignDescriptionofuserbrowsingbehaviorTheWeblogrecordsinformationabouteachuseraccesstotheserver,itincludingtheuser'sIPaddress,client,customeridentification,timeofWebserverreceivestherequest,customerrequests,requeststatuscode,transmittedbytessuchassomeaccessdata.
ExtractWeblog,preprocesstheinformationandtranslatetheresultsintoSession:1122{,,u,,u,,,u}kkiiSipttt(1)CalculatethedistancebetweensessionsInordertomoreaccuratelydescribetheuserbrowsingbehavior,betterreflectsthenormallegitimateusersandanomalyattacksusersbrowseaccesstothedifferenceinbehavior,soanalysisthesimilaritiesanddifferencesincontent,time,page-viewsandsequence.
Thispaperrefertothemethodwhichusethreevectorsandamatrixtodetaileddescripttheuser'ssessionfeatures.
Thencalculatethesimilaritybetweensession,themoresimilaritythedistancemoresmall.
Sotheabstractdistancecanbedefinedas1d=.
Definition1(contentvector):12(w,w,,w)knW,lengthofthevectorisn.
Itindicatestheservercontainspagenumber.
Theformulaisasfollows:[1,n](W,W)(W,W)iipqipqn()()(2)Definition2(timevector):12(t,t,,t)knT1,lengthofthevectorisn.
Itofuserbrowsingpagei.
Thesimilarityformulaoftwohitvectorsisasfollows:(T,T)1d(T,T)pqpq(3)Definition3(hitvector):12(hit,hit,,hit)knHit,lengthofthevectorisn.
Itindicatestimesnumberofauserbrowsapage,itreflectstheuser'sinterestdegreeeachpages.
(Hit,Hit)1d(Hit,Hit)pqpq(4)Definition4(sequencematrix):kHisannmatrix,itrecordsthenumberoftimesofjumpingbetweenthevariouspagesinthesession.
Thesimilarityformulaoftwotimevectorsisasfollows:(i,j)(i,j)(1,n)(1,n)2(H,H)(H,H)pqijpqn(5)Consideringthesimilaritybetweenthreevectorandamatrix,theoverallsimilarity(S,S)pq,isasfollows:(W,W)(T,T)(Hit,Hit)(H,H)(S,S)4pqpqpqpqpq(6)Numericallygreater,thesessionaremoresimilar,thedistancebetweentheresessionsissmaller.
Sothedistanceisasfollows:Theformulaisasfollow1d(S,S)(S,S)pqpq(7)DetectionofattacksTheSessionsisdefinedas,{Si1,2,N}iS,,SiisaN-dimensionalpatternvector.
Thesolutionistodivide12M1,letthetotaldispersionoftheallclusterstobeminimum.
Thetotaldistanceofallsamplestothecorrespondingcluster'scentersisminimum.
Theformulaisasfollow:()1(S,)jijMijXJdS(8)()Sjisthecluster'scenterj,()(S,S)jidisthedistancebetweenthesampleandthecluster'scenterj.
PSOClusteringalgorithmThispaperconsiderthecluster'scenterasaparticle'scorrespondedsolution,theparticle'slocationiscombinedwithcluster'scenter.
TherearetwoformsofapplicationlayerDDoSattacksandnormaluser,sothenumberofclustersisM=3.
Algorithmflowchartisasfollows:idPgdPgdPFigure2.
FlowchartPSOclusteringalgorithmExperimentalresultsandanalysisThispaperusethedatafromCentralSouthUniversity'svisualresearchgroup.
TForthelargeamountsofthedata,thepaperrandomlycollect100sampleand20attacksampledatafromtheWeblogofuseraaccesslogs.
ProgramdevelopmentplatformisMATLAB2014a.
TheclusteranalysisresultsinFigure3.
DatSkItcanbattacksnumaccesstoleanalysis,thConclusioThispapapplicationalgorithmexceptionbehavior,dbetweeneaSimulationperformancReference[1]Fenapplication[2]Chulayer[D].
C[3]Douate-of-art[J[4]Sunacks[J].
AC[5]Mu].
Journalo[6]YiGuangdongtaSessiok120beseenthatmberslightegitimateusheaccuracynperanalysisnlayerDDanddescribaccessbehadescribetheachsession,nexperimenceinadaptaesnYan,Jiajian,2008,25uanXu.
ResChongqingugligerisC,J],ComputenChang-huCTEElectrouthuprasannofSoftwareXie.
Researg:SunYatFigure3.
onActualtmodeldetlymorethaser'sbehaviywillbeincstheprincipDoSattacksbeuser'sbeavior,accoreuser'sbrothendetectntsshowthability.
aWang,Jinfe(4):966searchandiUniversity,,MitrokotsaerNetwork,a,LiuBin.
onicaSINCnaM,Manim.
2007,4(18rchonkey-senUniveClusteringTablattackSess20tectionrateannumberoior.
IfincreareasedaccoplesandchadetectionmehaviorofbrdingtotheowsingbehattheattackshatthismeengZhao.
D-969.
mplementat,2012.
aA.
DDoS,2004,(44):SurveyonNCA.
2009,7(maranG.
Di8):967-977technologyersity,2008resultsofEle1ClusteriionDeteisabout86ofactualatasetheamouordingly.
aracteristicsmethodwhbrowsingWedifferenceaviorbydasbehaviorbethodcandDDoSattackationofDDoattacksand643-666.
NewSolutio(37):1562-1istributedByofHTTP8Euclideanspingresultsectingattack236%fromthtacksistheuntofthedofapplicatihichisbaseWebpages.
oflegitimaataminingtbyusingPardetectattackdetectionoSattackdeddefencesmonAgainst1570.
BasedonWeattackdetecpaceprojectkSessionheTable1.
emodelcanata,aftercoionlayerDDedonPartiConsiderthateandabnotechnique,cticleSwarmckseffectivnsummary[etectionalgmachanismsDistributedebUser'sBctiononapptionAccuracy86%ThereasonnnotreflectorrespondingDoSattacksicleSwarmheattacksanormaluser'calculatethmClusteringvelyandha[J].
Studyongorithmson:ClassificadDenialofSBrowsingBeplication-rate%nofdetectstallnormalgclusterings,provideaClusteringasanuser's'sbrowsingesimilaritygalgorithm.
aveagoodncomputerapplicationationandstServiceAttehaviours[Jlayer[D].
slgagsgy.
drn.
[7]FengyuWang,ShoufengCao,JunXiao.
ADDoSdetectionmethodofcommunityoutreachbasedonWebapplicationlayer[J].
Journalofsoftware,2013,24(6):1263-1273.
[8]NengGao,DengguoFeng,.
ADOSattackdetectionbasedondataminingtechnology[J].
ChineseJournalofComputers,2006,29(6):944-950
combboyu8816@163.
com;cgkc1314@qq.
comKeyword:application-tierDistributedDenialofService;browsebehavior;particleclusteringalgorithm;anomalydetection.
Abstract.
First,thisarticleanalyzestheApplicationlayerDistributedDenialofService(DDoS)'sattackprincipleandcharacteristic.
Accordingtothedifferencebetweennormalusers'browsingpatternsandabnormalones,usersessionsareextractedfromtheweblogsofnormalusersandsimilaritiesbetweendifferentsessionsarecalculated.
BecausetraditionalK-meanClusteringalgorithmiseasytofailintolocaloptimal,theParticleSwarmOptimizationK-meanClusteringalgorithmisusedtogenerateadetectingmodel.
ThismodelcanbeenusedtodetectwhethertheundeterminedsessionsareDDoSattacksornot.
Theexperimentshowthatthismethodcandetectattackseffectivelyandhaveagoodperformanceinadaptability.
IntroductionDistributeddenialofserviceattacksisoneofthemajorthreatstothesecurityoftheInternet,whichintheabsenceofanywarningconsumeresourcesofthetarget,itcanbemadeatthenetworklayerorapplicationlayer[1].
ApplicationlayerDDoShavetwoattackmethods[2]:bandwidthdepletionmodeandthehostresourcedepletionmode.
Atpresent,methodstosolvethesesimilarproblemincluding:Intrusiondetectiontechnologybasedondatapacket[3]Detectionmethodbasedonflowlimitation[4],Detectionmethodbasedonfrequencyofaccess[5],DetectionmethodbasedonHiddensemi-Markovmodel[6],Detectionmethodbasedontheanalysisofuserbehaviordatamining[7].
Theliterature[8]proposesanewDosdetectionbasedondatamining,whichcombinedApriorialgorithmandk-meanclusteringalgorithm.
ItusingnetworkdatatodetectDDoS,soitcannotcopewiththeapplicationlayerDDos.
Thek-meanalgorithmhaveitselfflawed,itoverlyneedtoselectthefitclustercentersandforsomeinitialvalue,itmayconvergetosub-optimalsolution.
ApplicationlayerDDoSdetectionbasedonPSOclusteringalgorithmPrincipleandmodelofdetection:ThispaperestablishdetectionmodelwhichisusingtoidentifytheapplicationlayerDDoSformanalysisuserbehavior.
SystemdesignasshowninFigure1.
Figure1.
systemmoduledesignDescriptionofuserbrowsingbehaviorTheWeblogrecordsinformationabouteachuseraccesstotheserver,itincludingtheuser'sIPaddress,client,customeridentification,timeofWebserverreceivestherequest,customerrequests,requeststatuscode,transmittedbytessuchassomeaccessdata.
ExtractWeblog,preprocesstheinformationandtranslatetheresultsintoSession:1122{,,u,,u,,,u}kkiiSipttt(1)CalculatethedistancebetweensessionsInordertomoreaccuratelydescribetheuserbrowsingbehavior,betterreflectsthenormallegitimateusersandanomalyattacksusersbrowseaccesstothedifferenceinbehavior,soanalysisthesimilaritiesanddifferencesincontent,time,page-viewsandsequence.
Thispaperrefertothemethodwhichusethreevectorsandamatrixtodetaileddescripttheuser'ssessionfeatures.
Thencalculatethesimilaritybetweensession,themoresimilaritythedistancemoresmall.
Sotheabstractdistancecanbedefinedas1d=.
Definition1(contentvector):12(w,w,,w)knW,lengthofthevectorisn.
Itindicatestheservercontainspagenumber.
Theformulaisasfollows:[1,n](W,W)(W,W)iipqipqn()()(2)Definition2(timevector):12(t,t,,t)knT1,lengthofthevectorisn.
Itofuserbrowsingpagei.
Thesimilarityformulaoftwohitvectorsisasfollows:(T,T)1d(T,T)pqpq(3)Definition3(hitvector):12(hit,hit,,hit)knHit,lengthofthevectorisn.
Itindicatestimesnumberofauserbrowsapage,itreflectstheuser'sinterestdegreeeachpages.
(Hit,Hit)1d(Hit,Hit)pqpq(4)Definition4(sequencematrix):kHisannmatrix,itrecordsthenumberoftimesofjumpingbetweenthevariouspagesinthesession.
Thesimilarityformulaoftwotimevectorsisasfollows:(i,j)(i,j)(1,n)(1,n)2(H,H)(H,H)pqijpqn(5)Consideringthesimilaritybetweenthreevectorandamatrix,theoverallsimilarity(S,S)pq,isasfollows:(W,W)(T,T)(Hit,Hit)(H,H)(S,S)4pqpqpqpqpq(6)Numericallygreater,thesessionaremoresimilar,thedistancebetweentheresessionsissmaller.
Sothedistanceisasfollows:Theformulaisasfollow1d(S,S)(S,S)pqpq(7)DetectionofattacksTheSessionsisdefinedas,{Si1,2,N}iS,,SiisaN-dimensionalpatternvector.
Thesolutionistodivide12M1,letthetotaldispersionoftheallclusterstobeminimum.
Thetotaldistanceofallsamplestothecorrespondingcluster'scentersisminimum.
Theformulaisasfollow:()1(S,)jijMijXJdS(8)()Sjisthecluster'scenterj,()(S,S)jidisthedistancebetweenthesampleandthecluster'scenterj.
PSOClusteringalgorithmThispaperconsiderthecluster'scenterasaparticle'scorrespondedsolution,theparticle'slocationiscombinedwithcluster'scenter.
TherearetwoformsofapplicationlayerDDoSattacksandnormaluser,sothenumberofclustersisM=3.
Algorithmflowchartisasfollows:idPgdPgdPFigure2.
FlowchartPSOclusteringalgorithmExperimentalresultsandanalysisThispaperusethedatafromCentralSouthUniversity'svisualresearchgroup.
TForthelargeamountsofthedata,thepaperrandomlycollect100sampleand20attacksampledatafromtheWeblogofuseraaccesslogs.
ProgramdevelopmentplatformisMATLAB2014a.
TheclusteranalysisresultsinFigure3.
DatSkItcanbattacksnumaccesstoleanalysis,thConclusioThispapapplicationalgorithmexceptionbehavior,dbetweeneaSimulationperformancReference[1]Fenapplication[2]Chulayer[D].
C[3]Douate-of-art[J[4]Sunacks[J].
AC[5]Mu].
Journalo[6]YiGuangdongtaSessiok120beseenthatmberslightegitimateusheaccuracynperanalysisnlayerDDanddescribaccessbehadescribetheachsession,nexperimenceinadaptaesnYan,Jiajian,2008,25uanXu.
ResChongqingugligerisC,J],ComputenChang-huCTEElectrouthuprasannofSoftwareXie.
Researg:SunYatFigure3.
onActualtmodeldetlymorethaser'sbehaviywillbeincstheprincipDoSattacksbeuser'sbeavior,accoreuser'sbrothendetectntsshowthability.
aWang,Jinfe(4):966searchandiUniversity,,MitrokotsaerNetwork,a,LiuBin.
onicaSINCnaM,Manim.
2007,4(18rchonkey-senUniveClusteringTablattackSess20tectionrateannumberoior.
IfincreareasedaccoplesandchadetectionmehaviorofbrdingtotheowsingbehattheattackshatthismeengZhao.
D-969.
mplementat,2012.
aA.
DDoS,2004,(44):SurveyonNCA.
2009,7(maranG.
Di8):967-977technologyersity,2008resultsofEle1ClusteriionDeteisabout86ofactualatasetheamouordingly.
aracteristicsmethodwhbrowsingWedifferenceaviorbydasbehaviorbethodcandDDoSattackationofDDoattacksand643-666.
NewSolutio(37):1562-1istributedByofHTTP8Euclideanspingresultsectingattack236%fromthtacksistheuntofthedofapplicatihichisbaseWebpages.
oflegitimaataminingtbyusingPardetectattackdetectionoSattackdeddefencesmonAgainst1570.
BasedonWeattackdetecpaceprojectkSessionheTable1.
emodelcanata,aftercoionlayerDDedonPartiConsiderthateandabnotechnique,cticleSwarmckseffectivnsummary[etectionalgmachanismsDistributedebUser'sBctiononapptionAccuracy86%ThereasonnnotreflectorrespondingDoSattacksicleSwarmheattacksanormaluser'calculatethmClusteringvelyandha[J].
Studyongorithmson:ClassificadDenialofSBrowsingBeplication-rate%nofdetectstallnormalgclusterings,provideaClusteringasanuser's'sbrowsingesimilaritygalgorithm.
aveagoodncomputerapplicationationandstServiceAttehaviours[Jlayer[D].
slgagsgy.
drn.
[7]FengyuWang,ShoufengCao,JunXiao.
ADDoSdetectionmethodofcommunityoutreachbasedonWebapplicationlayer[J].
Journalofsoftware,2013,24(6):1263-1273.
[8]NengGao,DengguoFeng,.
ADOSattackdetectionbasedondataminingtechnology[J].
ChineseJournalofComputers,2006,29(6):944-950
- server隐士ddos相关文档
- 联网隐士ddos
- SPCIFICATIONS隐士ddos
- unrelated隐士ddos
- contact隐士ddos
- including隐士ddos
- chiffres隐士ddos
提速啦(69元起)香港大带宽CN2+BGP独享云服务器
香港大带宽服务器香港大带宽云服务器目前市场上可以选择的商家十分少,这次给大家推荐的是我们的老便宜提速啦的香港大带宽云服务器,默认通用BGP线路(即CN2+BGP)是由三网直连线路 中国电信骨干网以及HGC、NTT、PCCW等国际线路混合而成的高品质带宽(精品带宽)线路,可有效覆盖全球200多个国家和地区。(适用于绝大部分应用场景,适合国内外访客访问,域名无需备案)提速啦官网链接:点击进入香港Cer...
pacificrack7月美国便宜支持win VPS,$19.99/年,2G内存/1核/50gSSD/1T流量
pacificrack发布了7月最新vps优惠,新款促销便宜vps采用的是魔方管理,也就是PR-M系列。提一下有意思的是这次支持Windows server 2003、2008R2、2012R2、2016、2019、Windows 7、Windows 10,当然啦,常规Linux系统是必不可少的!1Gbps带宽、KVM虚拟、纯SSD raid10、自家QN机房洛杉矶数据中心...支持PayPal、...
美国云服务器 1核 1G 100M 10G防御 39元/月 物语云计算
物语云计算(MonogatariCloud)是一家成立于2016年的老牌国人商家,主营国内游戏高防独服业务,拥有多家机房资源,产品质量过硬,颇有一定口碑。本次带来的是美国圣何塞 Equinix 机房的高性能I9-10980XE大带宽VPS,去程CN2GIA回程AS9929,美国原生IP,支持解锁奈飞等应用,支持免费安装Windows系统。值得注意的是,物语云采用的虚拟化技术为Hyper-V,资源全...
隐士ddos为你推荐
-
主机租赁电脑出租怎么收费的?免费注册域名怎么注册免费域名?企业虚拟主机企业虚拟主机和个人虚拟主机选择有差别吗?免费vps服务器免费服务器有哪些美国vps租用如何租用到最快的美国服务器海外域名什么叫海外域名?重庆虚拟空间重庆那里可以租用VSP主机重庆虚拟空间重庆有几个机场?免费网站空间有没有免费的网站空间推荐网站空间商网站空间商怎么查询