信息网络安全

信息网络安全 ›› 2019, Vol. 19 ›› Issue (5): 84-90.doi: 10.3969/j.issn.1671-1122.2019.05.011

• 理论研究 • 上一篇    下一篇

基于Web应用层的DDoS攻击模型研究

喻志彬1, 马程1(), 李思其2, 王淼3   

  1. 1. 北京市公安局网络安全保卫总队,北京 100029
    2. 云南警官学院,云南昆明 650223
    3. 31436部队,辽宁沈阳 110805
  • 收稿日期:2018-03-08 出版日期:2019-05-10 发布日期:2020-05-11
  • 作者简介:

    作者简介:喻志彬(1977—),男,福建,工程师,硕士,主要研究方向为网络攻击与防范、网络犯罪侦察;马程(1989—),男,宁夏,工程师,硕士,主要研究方向为网络攻击与防范、网络犯罪侦察;李思其(1974—),女,云南,讲师,硕士,主要研究方向为经济犯罪案件侦查、网络犯罪;王淼(1978—),女,辽宁,硕士,主要研究方向为通信网络管理、计算机通信及计算机网络管理。

Research on DDoS Attack Model Based on Web Application Layer

Zhibin YU1, Cheng MA1(), Siqi LI2, Miao WANG3   

  1. 1. Network Security Corps, Beijing Public Security Bureau, Beijing 100029, China
    2. Yunnan Police College, Kunming Yunnan 650223, China
    3. Unit 31436 of PLA, Shenyang Liaoning 110805, China
  • Received:2018-03-08 Online:2019-05-10 Published:2020-05-11

RichHTML

7

PDF (PC)

176

摘要:

随着云计算及物联网技术的快速发展,不安全的网络空间资源呈指数级增长,分布式拒绝服务攻击(DDoS)逐渐成为威胁计算机网络安全的最主要因素之一。在攻击与防御的过程中,DDoS攻击的发展趋势正由传统的单线攻击发展为平台攻击。当前对Web应用层攻击的研究主要集中于传统CC攻击、变异的CC攻击、HTTP慢速攻击及基于HTML5的WebSocket新特性攻击等领域。文章在现有研究的基础上,对两类基于Web应用层的DDoS攻击模型进行了深入的分析,一类是基于API的DDoS攻击模型,另一类是基于Web后门的DDoS攻击模型。两种模型均是基于Web特性的新型攻击方式,具有比较典型的特征。对此类攻击模型的研究,有助于网络安全研究人员提出相应的防御方法,提高Web服务端抗DDoS攻击的能力。

关键词: Web应用层, DDoS攻击, API, Web后门

Abstract:

Due to the rapid development of cloud computing and IoT technology, unsafe network space resources are growing exponentially, leading to distributed denial of service attacks(DDoS) gradually becoming the most important threat to computer network security. In the process of attack and defense, the development trend of DDoS attack is changing from traditional single-line attack to platform attack. Currently, the research fields of Web application layer attacks mainly focus on traditional CC attacks, mutated CC attacks, HTTP slow attacks and new features attacks of Web Socket based on HTML5. On the basis of existing research, this paper makes a deep analysis of two kinds of DDoS attack models based on Web application layer, one is based on API, the other is based on Web backdoor. Both models are new attack modes based on Web characteristics and have typical characteristics. The research on this kind of attack model is helpful for network security researchers to propose corresponding defense methods and improve the ability of Web server to resist DDoS attacks.

Key words: Web application layer, DDoS attack, API, Web backdoor

中图分类号: