A Method of Adaptive Abnormal Network Traffic Detection

doi:10.3969/j.issn.1671-1122.2020.12.004

Abstract

Abstract:

In this paper, we propose a new adaptive attack detection method for DDoS abnormal traffic attacks. The method is based on the characteristics of network access behavior for rapid learning modeling, and then through a traffic TOP-N ranking table to achieve dynamic filtering of abnormal traffic. The sample template of TOP-N table adopts adaptive convergence algorithm to quickly self-learning update. This method can quickly and accurately identify abnormal traffic and attack behavior, and greatly improve the accuracy of abnormal traffic attack detection. It is especially suitable for the detection and protection of slow application DDoS attacks.

Key words: DDoS, TOP-N, adaptive, training template

CLC Number:

TP309

ZHANG Xinyue, HU Anlei, LI Jurong, FENG Yanchun. A Method of Adaptive Abnormal Network Traffic Detection[J]. Netinfo Security, 2020, 20(12): 28-32.

Figures/Tables 2

References 9

[1]	YAN Fen, WANG Jiajia, ZHAO Jinfeng, et al. Overview of DDoS Attack Detection[J]. Computer Application Research, 2008,25(4):76-81.
	严芬, 王佳佳, 赵金凤, 等. DDoS攻击检测综述[J]. 计算机应用研究, 2008,25(4):76-81.
[2]	ZHANG Xinyue. Research and Design of Domain Name Security System[J]. China Information Security, 2016,7(11):29-31.
	张新跃. 域名安全保障体系研究与设计[J]. 中国信息安全, 2016,7(11):29-31.
[3]	XIE Yi, YU Shunzheng. Analysis and Defense of Application Layer DDoS Attacks in New Network Environment[J]. Telecommunications Science, 2007,23(1):89-93.
	谢逸, 余顺争. 新网络环境下应用层DDoS攻击的剖析与防御[J]. 电信科学, 2007,23(1):89-93.
[4]	ZHANG Xinyue, DENG Weichun, SHEN Shuqun. Policy Driven Network Security Management Model[J]. Computer Application Research, 2005,22(1):226-231.
	张新跃, 邓炜春, 沈树群. 策略驱动的网络安全管理模型[J]. 计算机应用研究, 2005,22(1):226-231.
[5]	ZHANG Xinyue, HUA Wangming, HUANG Lilian, et al. Research and Design of Telecom IT Security System in China[J]. Modern Telecommunication Technology, 2011,41(9):24-27.
	张新跃, 华汪明, 黄礼莲, 等, 中国电信IT安全保障体系研究与设计[J]. 现代电信科技, 2011,41(9):24-27.
[6]	LIU Anli, ZHAO Huaixun. Analysis of DDoS Attack and Defense Technology in Network Confrontation[J]. Network Security Technology and Application, 2009,9(7):13-15.
	刘安利, 赵怀勋. 网络对抗中的DDoS攻防技术分析[J]. 网络安全技术与应用, 2009,9(7):13-15.
[7]	ZHAI Guangqun, GAO Kainan. Research on DDoS Attack Detection System of DNS Server[J]. Computer Engineering and Application. 2011,47(33):34-36.
	翟光群, 高凯楠. DNS服务器的DDoS攻击检测系统的研究[J]. 计算机工程与应用, 2011,47(33):34-36.
[8]	LUO Zhiqiang, SHEN Jun, JIN Huamin. Detection and Control Technology of Distributed DNS Reflection DDoS Attack[J]. Telecommunications Science, 2015,31(10):186-191.
	罗志强, 沈军, 金华敏. 分布式DNS反射DDoS攻击检测及控制技术[J]. 电信科学, 2015,31(10):186-191.
[9]	LIU Guorong, LIU Dongxin, SHEN Jun, et al. Abnormal Traffic Detection and Prevention Technology of Ultra Wideband Network[J]. Telecommunications Science, 2012,28(1):22-25.
	刘国荣, 刘东鑫, 沈军, 等. 超宽带网络异常流量检测与防治技术探析[J]. 电信科学, 2012,28(1):22-25.

编号	IP地址	历史排序	流量采样模板库
1 2 3 … N	210.xxx.xxx.xxx 180.xxx.xxx.xxx 202.xxx.xxx.xxx … 211.xxx.xxx.xxx	Xxxxx Xxxx Xxx … Xx	R₁(M_11,M_12,…_,M₁_k) R₂(M_21,M_22,…_,M₂_k) R₃(M_31,M_32,…_,M₃_k) … R_N(M_N_1,M_N_2,…_,M_Nk)
N+1 … N+M	151.xxx.xxx.xxx … 241.xxx.xxx.xxx	X … x	R_N₊₁(M_N_+1,1,M_N_+1,2,…_,M_N_+1,_k) … R_N₊_M(M_N₊_M_,1,M_N₊_M_,2,…_,M_N₊_M_,_k)
E	(空)	（空）	E(E_1,E_2,…_,E_k)

[1]	YU Qing, ZHENG Chonghui, DU Ye. Research on Key Technologies of Security Situation Assessment for the Virtual Layer of Cloud Platform [J]. Netinfo Security, 2020, 20(7): 53-59.
[2]	WANG Jian, WANG Yujie, HAN Lei. DDoS Attack Detection Based on Catastrophe Theory in SDN Environment [J]. Netinfo Security, 2020, 20(5): 11-20.
[3]	Qiaoli YUE, Wanbo LV, Weihong HU, Haikuo ZHANG. Mitigating DDoS Attack Based on DNS Response Value Assessment [J]. Netinfo Security, 2019, 19(9): 56-60.
[4]	Ke ZHANG, Youjie WANG, Shaoyin CHENG, Lidong WANG. Intrusion Collaborative Disposal Method of Spoofed IP Address in DDoS Attacks [J]. Netinfo Security, 2019, 19(5): 22-29.
[5]	Zhibin YU, Cheng MA, Siqi LI, Miao WANG. Research on DDoS Attack Model Based on Web Application Layer [J]. Netinfo Security, 2019, 19(5): 84-90.
[6]	Quanming LIU, Jie FENG, Yinnan LI, Shasha SU. A HIBE Scheme of Differentiates the Number of Identity Layers [J]. Netinfo Security, 2019, 19(11): 14-23.
[7]	Hongtao GAO, Wei LU, Yuwang YANG. An Adaptive Adjusting Kernel Function-Based Extraction Method for Image Salient Area [J]. Netinfo Security, 2018, 18(2): 54-60.
[8]	Xiangshen MIN, Xuefeng ZHANG. A New Algorithm of the Location of Fingerprint Core in Cloud Computing [J]. Netinfo Security, 2017, 17(7): 59-65.
[9]	ZHANG Xuebo, LIU Jinghao, FU Xiaomei. Design and Implementation of Anti Web DDoS Attack Model Based on Improved Logistic Regression Algorithm [J]. 信息网络安全, 2017, 17(6): 62-67.
[10]	Heng LI, Huawei SHEN, Xueqi CHENG, Yong ZHAI. Review of Network High Flow Distributed Denial of Service Attack and Defense Mechanisms [J]. Netinfo Security, 2017, 17(5): 37-43.
[11]	Shunan SONG, Zhen YANG. Research on Quantization Method of Reducing Bit Disagreement Rate in Secret Key Extraction [J]. Netinfo Security, 2017, 17(4): 46-52.
[12]	Yang XU, Yi CHEN, Rui HE, Xiaoyao XIE. Research of DDoS Detection and Multi-layer Defense in SDN [J]. Netinfo Security, 2017, 17(12): 22-28.
[13]	Chengliang ZHAO, Aiping LI, Rong JIANG. Research on DDoS Attack Effect Evaluation Based on TOPSIS-GRA Integrated Evaluation Method [J]. Netinfo Security, 2016, 16(10): 40-46.
[14]	Jie LI, Xin XU, Yu CHEN, Ding-wen ZHANG. Research on Cloud Forensics Model under the Simulation DDoS Attack Scenarios [J]. Netinfo Security, 2015, 15(6): 67-72.
[15]	Bao-guo LIU, Ling-wei XU, Hao ZHANG, T A GULLIVER. Study on Selection of the Antenna Array in Compass Navigation System [J]. Netinfo Security, 2015, 15(1): 12-15.