Research on a DDoS Attack Detection Method Based on Fuzzy Clustering
Abstract

Distributed Denial of Service (DDoS) attacks are a common form of malicious attack. Because they are covert and distributed they are hard to detect and defend against, and in recent years they have caused incalculable losses to Internet services. Finding effective methods of detecting and defending against DDoS attacks has therefore become an important problem in network attack detection. A great deal of work has been done on DDoS prevention, detection and counterattack, and some breakthroughs and progress have been made.

This thesis first introduces the basic principles of the protocols used in current network communication, then the definition of DoS attacks and the ways in which they are carried out, and on that basis introduces distributed denial of service attacks. It analyses the architecture and working principle of DDoS attacks in detail and surveys, compares and summarises their attack techniques and methods. DDoS detection techniques fall into two broad classes, anomaly detection and signature (feature) detection, and detection methods based on each are introduced.

Existing DDoS detection methods each target one type of attack; if the attack method or the way packets are constructed changes during an attack, detection may fail or the detection rate may drop. To detect DDoS attacks dynamically and adapt to such changes, this thesis applies cluster analysis and fuzzy theory, using fuzzy clustering to classify attack packets, and proposes a detection model based on fuzzy pattern recognition. The model maintains two fuzzy sets. For each incoming packet it computes the packet's membership in both sets and the fuzzy similarity between the two sets, decides from these whether the packet is normal, and filters abnormal packets. As packets are filtered, the two fuzzy sets are updated dynamically from the information in the current packet, so that they keep tracking changes in the attack.

Experiments show that the method filters DDoS attack packets effectively and is both adaptive and self-learning. Compared with existing detection methods, the proposed method adapts better to changes in the attack.
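The abstract describes the detector only in outline. The following Python program is an added illustration of that outline, not code from the thesis: two fuzzy sets with prototype vectors, an FCM-style membership for each incoming packet, a fuzzy similarity between the two sets that gates the decision, and an online update of the winning set. The per-packet feature set (source rate, bare-SYN fraction, payload length), the normalisation constants, the membership and similarity formulas, the learning rate, the assumption that the two sets stand for normal and attack traffic, and the sample packet stream are all assumptions of this example, not definitions taken from the thesis.

```python
"""Two-set fuzzy packet filter with online prototype updates (added example)."""
from dataclasses import dataclass
from math import sqrt
from typing import Dict, Sequence, Tuple

# Raw per-packet features (assumed for this example; the thesis does not fix a feature set):
#   [0] packets seen from the same source address in the last second
#   [1] fraction of those packets that were bare SYNs (no ACK)
#   [2] payload length of this packet in bytes
FEATURE_SCALE = (1000.0, 1.0, 1500.0)  # assumed normalisation constants, one per feature


def normalise(raw: Sequence[float]) -> Tuple[float, ...]:
    """Scale raw features onto roughly [0, 1] so that no dimension dominates the distance."""
    return tuple(v / s for v, s in zip(raw, FEATURE_SCALE))


def distance(a: Sequence[float], b: Sequence[float]) -> float:
    return sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


@dataclass
class FuzzySet:
    name: str
    centre: Tuple[float, ...]  # prototype vector in normalised feature space


class FuzzyPacketFilter:
    """m: FCM fuzzifier (> 1); rate: learning rate of the prototype update;
    max_similarity: if the two sets become this similar the filter refuses to
    decide and lets the packet through.  All three values are assumptions."""

    def __init__(self, normal_seed, attack_seed, m=2.0, rate=0.05, max_similarity=0.8):
        self.normal = FuzzySet("normal", normalise(normal_seed))
        self.attack = FuzzySet("attack", normalise(attack_seed))
        self.exponent = 2.0 / (m - 1.0)
        self.rate = rate
        self.max_similarity = max_similarity

    def memberships(self, x: Sequence[float]) -> Tuple[float, float]:
        """FCM-style membership of x in (normal, attack); the two values sum to 1."""
        eps = 1e-9  # avoids a zero division when x coincides with a prototype
        d_n = distance(x, self.normal.centre) + eps
        d_a = distance(x, self.attack.centre) + eps
        u_n = 1.0 / (1.0 + (d_n / d_a) ** self.exponent)
        return u_n, 1.0 - u_n

    def similarity(self) -> float:
        """Fuzzy similarity of the two sets: 1.0 when the prototypes coincide, tending to 0 as they separate."""
        return 1.0 / (1.0 + distance(self.normal.centre, self.attack.centre))

    def process(self, raw: Sequence[float]) -> Dict[str, object]:
        """Classify one packet and, if a decision was made, update the winning set."""
        x = normalise(raw)
        u_n, u_a = self.memberships(x)
        sim = self.similarity()
        result = {"u_normal": u_n, "u_attack": u_a, "similarity": sim}
        if sim > self.max_similarity:
            # The two sets no longer separate normal from attack traffic.  Do not drop
            # packets on the strength of a model that cannot discriminate (fail open).
            result["verdict"] = "undecided"
            return result
        winner = self.attack if u_a > u_n else self.normal
        weight = max(u_n, u_a)
        # Online update: pull the winning prototype towards the packet, in proportion
        # to how strongly the packet belongs to that set.  This is what lets the
        # attack set follow a flood whose packet shape changes mid-attack.
        winner.centre = tuple(c + self.rate * weight * (xi - c) for c, xi in zip(winner.centre, x))
        result["verdict"] = winner.name
        return result


def demo() -> Dict[str, object]:
    """Constructed stream: normal traffic, a SYN flood, then the same flood changing shape."""
    f = FuzzyPacketFilter(normal_seed=(50, 0.10, 600), attack_seed=(800, 0.95, 40))
    normal = [(60, 0.12, 550)] * 5
    flood_v1 = [(900, 0.98, 30)] * 5
    flood_v2 = [(400, 0.90, 200)] * 20  # lower rate, larger packets: a fixed threshold rule would miss it
    before = distance(f.attack.centre, normalise(flood_v2[0]))
    counts = {"normal": 0, "attack": 0, "undecided": 0}
    for pkt in normal + flood_v1 + flood_v2:
        counts[f.process(pkt)["verdict"]] += 1
    after = distance(f.attack.centre, normalise(flood_v2[0]))
    return {"counts": counts, "before": before, "after": after, "similarity": f.similarity()}


if __name__ == "__main__":
    print(demo())
```

Two properties of the design deserve attention before anything like it is put in front of real traffic. The update step is the source of the adaptivity the abstract claims, and it is also the poisoning surface: a sender whose packets are classified normal drags the normal prototype toward its own traffic, so the update should be rate-limited and bounded in deployment. The similarity gate is the guard against the two sets collapsing onto each other, and it is deliberately fail-open, because silently dropping traffic on the basis of a model that can no longer tell the two classes apart is itself a denial of service.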