洪水攻击入侵检测的可视化分析模型

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications Pub Date : 2013-07-16 DOI:10.1109/TrustCom.2013.38

Jinson Zhang, M. Huang

{"title":"洪水攻击入侵检测的可视化分析模型","authors":"Jinson Zhang, M. Huang","doi":"10.1109/TrustCom.2013.38","DOIUrl":null,"url":null,"abstract":"Flood attacks are common forms of Distributed Denial-of-Service (DDoS) attack threats on internet in nature. This has necessitated the need for visual analysis within an intrusion detection system to identify these attacks. The challenges are how to increase the accuracy of detection and how to visualize and present flood attacks in networks for early detection. In this paper, we introduce three coefficients, which not only classify the behaviors of flood attacks, but also measure the system performance under those flood attacks: a) attack-density that patterns the characters of flood attack, b) system workload which represents the system capability in handling flood attack and c) the scalability to classify the impact level of the flood attack at victim site. A visual clustered method is used to display the DDoS flood attacks. The experimentation results are presented to demonstrate our new model significantly improves the accuracy of the detection of DDoS attacks and provides a better understanding of the nature of flood attacks on networks.","PeriodicalId":206739,"journal":{"name":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","volume":"123 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Visual Analytics Model for Intrusion Detection in Flood Attack\",\"authors\":\"Jinson Zhang, M. Huang\",\"doi\":\"10.1109/TrustCom.2013.38\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Flood attacks are common forms of Distributed Denial-of-Service (DDoS) attack threats on internet in nature. This has necessitated the need for visual analysis within an intrusion detection system to identify these attacks. The challenges are how to increase the accuracy of detection and how to visualize and present flood attacks in networks for early detection. In this paper, we introduce three coefficients, which not only classify the behaviors of flood attacks, but also measure the system performance under those flood attacks: a) attack-density that patterns the characters of flood attack, b) system workload which represents the system capability in handling flood attack and c) the scalability to classify the impact level of the flood attack at victim site. A visual clustered method is used to display the DDoS flood attacks. The experimentation results are presented to demonstrate our new model significantly improves the accuracy of the detection of DDoS attacks and provides a better understanding of the nature of flood attacks on networks.\",\"PeriodicalId\":206739,\"journal\":{\"name\":\"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\",\"volume\":\"123 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-07-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TrustCom.2013.38\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom.2013.38","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

洪水攻击本质上是互联网上常见的分布式拒绝服务攻击威胁形式。这就需要在入侵检测系统中进行可视化分析，以识别这些攻击。面临的挑战是如何提高检测的准确性，以及如何在网络中可视化和呈现洪水攻击以进行早期检测。本文引入了表征洪水攻击特征的攻击密度、表征系统处理洪水攻击能力的系统工作负荷和表征洪水攻击对受害站点影响程度的可扩展性三个系数，不仅可以对洪水攻击的行为进行分类，还可以衡量系统在洪水攻击下的性能。采用可视化聚类的方式对DDoS flood攻击进行显示。实验结果表明，我们的新模型显着提高了DDoS攻击检测的准确性，并提供了对网络上洪水攻击性质的更好理解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Visual Analytics Model for Intrusion Detection in Flood Attack

Flood attacks are common forms of Distributed Denial-of-Service (DDoS) attack threats on internet in nature. This has necessitated the need for visual analysis within an intrusion detection system to identify these attacks. The challenges are how to increase the accuracy of detection and how to visualize and present flood attacks in networks for early detection. In this paper, we introduce three coefficients, which not only classify the behaviors of flood attacks, but also measure the system performance under those flood attacks: a) attack-density that patterns the characters of flood attack, b) system workload which represents the system capability in handling flood attack and c) the scalability to classify the impact level of the flood attack at victim site. A visual clustered method is used to display the DDoS flood attacks. The experimentation results are presented to demonstrate our new model significantly improves the accuracy of the detection of DDoS attacks and provides a better understanding of the nature of flood attacks on networks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

自引率

0.00%

发文量