CN106790295A - The method that distributed denial of service network attack is detected based on grey forecasting model - Google Patents

The method that distributed denial of service network attack is detected based on grey forecasting model Download PDF

Info

Publication number
CN106790295A
CN106790295A CN201710157306.1A CN201710157306A CN106790295A CN 106790295 A CN106790295 A CN 106790295A CN 201710157306 A CN201710157306 A CN 201710157306A CN 106790295 A CN106790295 A CN 106790295A
Authority
CN
China
Prior art keywords
network
flow
model
value
single order
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710157306.1A
Other languages
Chinese (zh)
Other versions
CN106790295B (en
Inventor
易运晖
李国娟
朱畅华
陈南
赵楠
何先灯
权东晓
鲁林林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201710157306.1A priority Critical patent/CN106790295B/en
Publication of CN106790295A publication Critical patent/CN106790295A/en
Application granted granted Critical
Publication of CN106790295B publication Critical patent/CN106790295B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service

Abstract

The present invention proposes a kind of method that distributed denial of service network attack is detected based on grey forecasting model, mainly solves that prior art is big for the energy and resource requirement, the slow-footed problem of attack detecting.Its scheme is:1. network flow characteristic is extracted;2. according to the network flow characteristic for being extracted, the single order single argument gray model of network context radiant flux and non-network background radiation flow is set up, realize the identification to network context radiant flux;3. according to the network flow characteristic for being extracted, the single order single argument gray model of the flow of network context radiant flux normal discharge and distributed denial of service DDoS is set up, realize the detection to distributed denial of service ddos attack.The present invention improves the speed of attack detecting, can be used to carry out attack detecting for the limited network equipment of the energy and resource.

Description

The method that distributed denial of service network attack is detected based on grey forecasting model
Technical field
The invention belongs to computer network security field, more particularly to a kind of detection distributed denial of service network attack Method, in the abnormality detection network that can be used under resource, limited energy.
Background technology
Network context radiant flux IBR, is uncalled one-way flow on internet, is also a kind of unauthorized flow. For IBR stream quantifier elimination contribute to control its origin cause of formation and characteristic, can for network security related work provide technical support with Ensure.Various distributed denial of service network attack DDoS can be initiated using this flow, and ddos attack is still present Topmost network attack mode, so and value also just more meaningful for unauthorized stream quantifier elimination.Existing DDoS is attacked Detection of the detection mainly under general network flow is hit, not specifically designed for the detection of IBR flows, and existing DDoS Detection method is mainly message frequencies, and whether whether the feature of normal, network traffics is normal, but this is required for according to substantial amounts of Network traffic analysis data, required resource, the energy are very big, are used for some nodes in present Internet of Things Equipment is unpractical, resource, limited energy due to these equipment.Feitosa E, Souto E, Sadok D H, Dainotti A Amman R Aben E et al. are conducted in-depth research to IBR flows, research find DDoS be mostly Found in IBR flows.But the existing survey that the IBR flows based on darknet are primarily related to for IBR stream quantifier eliminations Amount, the analysis of feature, the application in ddos attack.And it is less for the research of the operational network in reality.Relative to darknet, Operational network has researching value higher for Transitional Space, and acquired in darknet, Transitional Space is simple IBR flows.More need IBR flows are extracted in the operational network to be used in reality, but it is growing day by day due to data volume, it is impossible to realize extract real-time IBR flows simultaneously detect ddos attack, and this is accomplished by a kind of efficiently IBR flows identification in real time and ddos attack testing mechanism.
The content of the invention
It is an object of the invention to be directed to the defect that above-mentioned prior art is present, propose a kind of based on single order single argument grey The method of model inspection distributed denial of service network attack, is attacked with the environment of resource and limited energy, improving detection Speed.
To achieve the above object, technical solution of the present invention includes as follows:
(1) network traffics of operational network are obtained, and extracts the characteristic value of network traffics;
(2) characteristic value of the operational network flow according to obtained by sets up network context radiant flux and non-network background spoke The single order single argument gray model of amount of jet:
Wherein,It is the single order list to be set up network context radiant flux and non-network background radiation flow Variable gray model, l=1,2,3 ..., l-th value of sequence is represented,It is the characteristic value sequence of primitive network flow First value, m=1, represent set up be normal network context radiant flux model, what m=2 represented foundation is distribution Formula refuses the model of service DDoS attack flow, and a is development coefficient, and b is grey actuating quantity;
(3) single order single argument gray model is set up according to (2), obtains operational network flow to be measured by two kinds of single order lists The value of gained after variable gray model, is abbreviated as gray value, and calculates two differences between gray value and initial value respectively, will Model corresponding to the small gray value of difference is judged to the model corresponding to operational network flow to be measured;
(4) according to the characteristic value of the operational network flow obtained by (1), the normal discharge of network context radiant flux is set up With the single order single argument gray model of distributed denial of service ddos attack flow:
Wherein,It is the single order list of the normal discharge to be set up and distributed denial of service ddos attack flow Variable gray model, l=1,2,3 ..., l-th value of sequence is represented,It is the characteristic value sequence of primitive network flow First value, n=1 represents that what is set up is the model of normal network context radiant flux, and n=2, what expression was set up is distribution Formula refuses the model of service DDoS attack flow, and a is development coefficient, and b is grey actuating quantity;
(5) single order single argument gray model is set up according to (4), obtains network under test background radiation flow by two kind one The gray value of gained after rank single argument gray model, and two kinds of differences between gray value and initial value are calculated respectively, by difference Model corresponding to small gray value is judged to the model corresponding to network under test background radiation flow;
(6) model corresponding to network under test background radiation flow is obtained according to (5), judges network context radiation to be measured Whether there is distributed denial of service ddos attack in network where flow:
If the model corresponding to network radiation background flow to be measured is the single order list of distributed denial of service ddos attack Variable gray model, then the network under test radiation background flow is distributed denial of service ddos attack flow, is judged in network There is distributed denial of service ddos attack;
If the model corresponding to network radiation background flow to be measured is that the single order of proper network background radiation flow is monotropic Amount gray model, then network under test radiation background flow is normal discharge, is judged to do not exist distributed denial of service in network Ddos attack.
The present invention compared with prior art, has the following advantages that:
First, the present invention detects that distributed denial of service DDoS is attacked by the method that single order single argument gray model is modeled Hit, because single order single argument gray model modeling process is simple, data volume demand is small, amount of calculation is small, calculating speed is fast, so can To detect distributed denial of service ddos attack present in network faster, the speed that detection is attacked is improve;
Second, the single order single argument gray model that the present invention is used, because its demand to the energy and resource is few, phase Than the network equipment that the energy and resource-constrained are more suitable in other distributed denial of service ddos attack detection methods.
Brief description of the drawings
Fig. 1 realizes general flow chart for of the invention;
Fig. 2 is the single order single argument grey mould of network context radiant flux in the present invention and non-network background radiation flow The Establishing process of type;
Fig. 3 be network in the present invention help background traffic normal discharge and distributed denial of service ddos attack one The Establishing process of rank single argument gray model.
Specific embodiment
Below in conjunction with the accompanying drawings, the present invention is described in further detail.
Reference picture 1, it is of the invention to realize that step is as follows:
Step 1, obtains the network traffics of operational network, and extracts the characteristic value of network traffics.
The network traffics of operational network 1a) are obtained, operational network flow is obtained by flow collection in network node;
The characteristic value of network traffics 1b) is extracted, i.e., by the network context in the 1 second statistical unit time respectively by network Distributed denial of service DDoS flows in radiant flux, non-network background radiation flow, network context radiant flux and treat The number of the packet included in the network traffics of survey, using the number of these packets as extract network traffics feature Value.
Step 2, the characteristic value according to resulting operational network flow sets up network context radiant flux and the non-network back of the body The single order single argument gray model of scape radiant flux.
Reference picture 2, this step is implemented:
2a) according to the characteristic value of the network traffics extracted, the initial characteristicses value sequence of network traffics is obtained
Wherein, fm (0)L () is the initial characteristicses value sequence of network trafficsL-th component, L is to set up network context The data volume of the single order single argument gray model of radiant flux and non-network background radiation flow, m=1, represent foundation is net The model of network background radiation flow, what m=2 represented foundation is the model of non-network context radiant flux;
2b) calculateThe cumulative sequence of single orderFor:
Wherein,ForL-th component;
2c) calculate the cumulative sequence of single orderClose to average generation sequence Z(1)
Z(1)=(z(1)(1),z(1)(2),...,z(1)(l),...,z(1)(L)),
Wherein,It is close to average generation sequence Z(1)L-th component;
2d) Grey Differential Equation for building single order single argument gray model is:
Wherein, a is development coefficient, and b is grey actuating quantity;
2e) solve 3d) in Grey Differential Equation coefficient matrix:Obtain a and b Solution, wherein:
It is to use Z(1)Component constitute matrix,It is useComponent constitute Matrix;
2f) according to obtaining 2e) a and b solution, obtain 2d) in the solution of Grey Differential Equation be:
Wherein,It is the initial characteristicses value sequence of network trafficsSecond value;
2g) according to 2f) solution of the differential equation that obtains, by calculatingSet up network context spoke The single order single argument gray model of amount of jet and non-network background radiation flow:
Step 3, according to the gray model that step 2 is set up, when calculating l=L-1, network context radiant flux and non-network The single order single argument gray model of background radiation flowThe gray value of gained.
Step 4, calculates the difference between two kinds of gray values and the characteristic value initial value of operational network flow respectively.
4a) calculate operational network flow by network context radiant flux single order single argument gray model obtained by grey ValueWith the characteristic value of initial launch network trafficsDifference
4b) calculate operational network flow by non-network background radiation flow single order single argument gray model obtained by ash ColourWith the characteristic value of initial launch network trafficsDifference
Step 5, the model according to corresponding to step 4 by the small gray value of difference is judged to that operational network flow institute to be measured is right The model answered:
If the model corresponding to operational network flow to be measured is the single order single argument grey mould of network context radiant flux Type, then the network under test radiation background flow is network context radiant flux;
If the model corresponding to operational network flow to be measured is the single order single argument grey of non-network background radiation flow Model, then the network under test radiation background flow is non-network background radiation flow.
Step 6, sets up the normal discharge and the one of distributed denial of service ddos attack flow of network context radiant flux Rank single argument gray model.
Reference picture 3, this step is implemented:
6a) according to the characteristic value of the network traffics extracted, network traffics initial characteristicses value sequence is obtained
Wherein,It is the initial characteristicses value sequence of network trafficsL-th component, L is to set up network context spoke The normal discharge of amount of jet and the data volume of distributed denial of service ddos attack flow, n=1, represent foundation is the network back of the body The model of scape radiant flux, what n=2 represented foundation is the model of non-network context radiant flux;
6b) calculateThe cumulative sequence of single orderFor:
Wherein,It is the cumulative sequence of single orderL-th component;
6c) calculate the cumulative sequence of single orderClose to average generation sequence Z(1)
Z(1)=(z(1)(1),z(1)(2),...,z(1)(l),...,z(1)(L)),
Wherein,It is close to average generation sequence Z(1)L-th component;
6d) build the single order list of the normal discharge with distributed denial of service ddos attack flow of network context radiant flux The Grey Differential Equation of variable gray model is:
Wherein, a is development coefficient, and b is grey actuating quantity;
6e) solve 6d) Grey Differential Equation coefficient matrix:Obtain a's and b Solution, wherein:
It is to use Z(1)Component constitute matrix,It is useComponent constitute Matrix;
6f) according to obtaining 6e) a and b solution, 6d can be obtained) in the solution of Grey Differential Equation be:
Wherein,It is the initial characteristicses value sequence for the network traffics for modelingSecond value;
6g) according to 6f) solution of the differential equation that obtains, by calculatingSet up network context radiation The single order single argument gray model of normal discharge and distributed denial of service ddos attack flow:
Step 7, according to step 6, as l=L-1, obtains operational network flow to be measured and is refused with distribution by normal discharge Exhausted service DDoS attack flow single order single argument gray modelGray value obtained by afterwards.
Step 8, judges the model corresponding to operational network flow to be measured.
8a) calculate single order single argument grey mould of the network under test background radiation flow by proper network background radiation flow Gray value obtained by typeWith the characteristic value of initial network under test background radiation flowDifference
8b) calculate single order single argument grey of the network under test background radiation flow by distributed denial of service ddos attack The gray value that model is obtainedWith the characteristic value of initial network under test background radiation flowDifference
8c) according to step 8a) and 8b), the model corresponding to the small gray value of difference is judged to network under test background spoke Model corresponding to amount of jet.
Step 9, the model according to corresponding to step 8 obtains network under test background radiation flow judges the network back of the body to be measured Whether there is distributed denial of service ddos attack in network where scape radiant flux:
If the model corresponding to network radiation background flow to be measured is the single order list of distributed denial of service ddos attack Variable gray model, then the network under test radiation background flow is distributed denial of service ddos attack flow, in illustrating network There is distributed denial of service ddos attack;
If the model corresponding to network radiation background flow to be measured is that the single order of proper network background radiation flow is monotropic Amount gray model, then network under test radiation background flow is normal discharge, illustrates do not exist distributed denial of service in network Ddos attack.
Described above is only example of the present invention, does not constitute any limitation of the invention, it is clear that for For one of skill in the art, after present invention and principle is understood.All may be without departing substantially from the principle of the invention, structure In the case of, various amendments and the change in form and details are carried out, but these are based on the amendment of inventive concept and change still Within claims of the invention.

Claims (7)

1. it is a kind of based on grey forecasting model detect distributed denial of service network attack method, including
(1) network traffics of operational network are obtained, and extracts the characteristic value of network traffics;
(2) characteristic value of the operational network flow according to obtained by sets up network context radiant flux and non-network background radiation stream The single order single argument gray model of amount:
f ^ m ( 0 ) ( l + 1 ) = { f m ( 0 ) ( 1 ) - b a } e - a l · ( 1 - e a )
Wherein,It is the single order single argument ash to be set up network context radiant flux and non-network background radiation flow Color model, l=1,2,3 ..., l-th value of sequence is represented,It is first of the characteristic value sequence of primitive network flow Value, m=1 represents that what is set up is the model of normal network context radiant flux, and what m=2 represented foundation is distributed refusal clothes The model of business ddos attack flow, a is development coefficient, and b is grey actuating quantity;
(3) single order single argument gray model is set up according to (2), obtains operational network flow to be measured by two kinds of single order single arguments The value of gained after gray model, is abbreviated as gray value, and calculates two differences between gray value and initial value respectively, by difference Model corresponding to small gray value is judged to the model corresponding to operational network flow to be measured;
(4) according to the characteristic value of the operational network flow obtained by (1), set up the normal discharge of network context radiant flux and divide Cloth refuses the single order single argument gray model of service DDoS attack flow:
c ^ n ( 0 ) ( l + 1 ) = { c n ( 0 ) ( 1 ) - b a } e - a l · ( 1 - e a )
Wherein,It is the single order single argument of the normal discharge to be set up and distributed denial of service ddos attack flow Gray model, l=1,2,3 ..., l-th value of sequence is represented,It is the first of the characteristic value sequence of primitive network flow Individual value, n=1, represent set up be normal network context radiant flux model, n=2, represent set up be that distribution is refused The model of exhausted service DDoS attack flow, a is development coefficient, and b is grey actuating quantity;
(5) single order single argument gray model is set up according to (4), obtains network under test background radiation flow by two kinds of single order lists The gray value of gained after variable gray model, and calculate respectively two kinds of gray values and operational network flow characteristic value initial value it Between difference, the model corresponding to the small gray value of difference is judged to the model corresponding to network under test background radiation flow;
(6) model corresponding to network under test background radiation flow is obtained according to (5), judges network context radiant flux to be measured Whether there is distributed denial of service ddos attack in the network at place:
If the model corresponding to network radiation background flow to be measured is the single order single argument of distributed denial of service ddos attack Gray model, then the network under test radiation background flow is distributed denial of service ddos attack flow, is judged to exist in network Distributed denial of service ddos attack;
If the model corresponding to network radiation background flow to be measured is the single order single argument ash of proper network background radiation flow Color model, then network under test radiation background flow is normal discharge, is judged to be attacked in the absence of distributed denial of service DDoS in network Hit.
2. method according to claim 1, it is characterised in that the characteristic value of network traffics is extracted in step (1), is to pass through Respectively by network context radiant flux, non-network background radiation flow, the network context spoke of network in 1 second statistical unit time The number of the packet included in the distributed denial of service DDoS flows and network traffics to be measured in amount of jet, by these The number of packet as extract network traffics characteristic value.
3. method according to claim 1, it is characterised in that network context radiant flux and non-net are set up in step (2) The single order single argument gray model of network background radiation flow, is carried out as follows:
2a) according to the characteristic value of the network traffics extracted, the initial characteristicses value sequence of network traffics is obtained
F m ( 0 ) = ( f m ( 0 ) ( 1 ) , f m ( 0 ) ( 2 ) , ... , f m ( 0 ) ( l ) , ... f m ( 0 ) ( L ) ) , f m ( 0 ) ( l ) > 0 , l = 1 , 2 , ... , L ,
Wherein, fm (0)L () is the initial characteristicses value sequence of network trafficsL-th component, L for set up network context radiation The data volume of the single order single argument gray model of flow and non-network background radiation flow, m=1, represent foundation is the network back of the body The model of scape radiant flux, what m=2 represented foundation is the model of non-network context radiant flux;
2b) calculateThe cumulative sequence of single orderFor:
F m ( 1 ) = ( f m ( 1 ) ( 1 ) , f m ( 1 ) ( 2 ) , ... , f m ( 1 ) ( l ) , f m ( 1 ) ( L ) )
Wherein,ForL-th component;
2c) calculate the cumulative sequence of single orderClose to average generation sequence Z(1)
Z(1)=(z(1)(1),z(1)(2),...,z(1)(l),...,z(1)(L)),
Wherein,It is close to average generation sequence Z(1)L-th component;
2d) Grey Differential Equation for building single order single argument gray model is:
f m ( 0 ) ( l ) + a z ( 1 ) ( l ) = b ,
Wherein, a is development coefficient, and b is grey actuating quantity;
2e) solve 2d) in Grey Differential Equation coefficient matrix:Obtain a's and b Solution, wherein:
It is to use Z(1)The matrix that is constituted of component,It is useComponent constituted Matrix;
2f) according to 2e) solution of a that is calculated and b, obtain 2d) in the solution of the differential equation be:
f ^ m ( 1 ) ( l + 1 ) = { f m ( 0 ) ( 1 ) - b a } e - a l + b a ,
Wherein,It is the initial characteristicses value sequence of network trafficsSecond value;
2g) according to 2f) solution of the differential equation that obtains, by calculatingSet up network context radiant flux The single order single argument gray model of amount and non-network background radiation flow:
f ^ m ( 0 ) ( l + 1 ) = f ^ m ( 1 ) ( l + 1 ) - f ^ m ( 1 ) ( l ) = { f m ( 0 ) ( 1 ) - b a } e - a l · ( 1 - e a ) , l = 1 , 2 , 3 , ... .
Wherein,It is l+1 of the solution of the differential equation,It is l of Solutions of Ordinary Differential Equations.
4. method according to claim 1, it is characterised in that initial value refers to the operation net to be measured of extraction in step (3) The initial characteristic values of network flow.
5. method according to claim 1, it is characterised in that sets up single order single argument grey according to (2) in step (3) Model, obtains gray value of the operational network flow to be measured by gained after two kinds of single order single argument gray models, refers to work as l=L- When 1, the single order single argument gray model of network context radiant flux and non-network background radiation flowThe ash of gained Colour.
6. method according to claim 1, it is characterised in that step sets up the normal of network context radiant flux in (4) Flow and the single order single argument gray model of distributed denial of service ddos attack flow, set up process as follows:
4a) according to the characteristic value of the network traffics extracted, network traffics initial characteristicses value sequence is obtained
C n ( 0 ) = ( c n ( 0 ) ( 1 ) , c n ( 0 ) ( 2 ) , ... , c n ( 0 ) ( l ) , ... , c n ( 0 ) ( L ) ) , c n ( 0 ) ( l ) > 0 , l = 1 , 2 , ... , L ,
Wherein,It is the initial characteristicses value sequence of network trafficsL-th component, L is to set up network context radiant flux The normal discharge of amount and the data volume of distributed denial of service ddos attack flow, n=1, represent foundation is network context spoke The model of amount of jet, what n=2 represented foundation is the model of non-network context radiant flux;
4b) calculateThe cumulative sequence of single orderFor:
C n ( 1 ) = ( c n ( 1 ) ( 1 ) , c n ( 1 ) ( 2 ) , ... , c n ( 1 ) ( l ) , c n ( 1 ) ( L ) )
Wherein,It is the cumulative sequence of single orderL-th component;
4c) calculate the cumulative sequence of single orderClose to average generation sequence Z(1)
Z(1)=(z(1)(1),z(1)(2),...,z(1)(l),...,z(1)(L)),
Wherein,It is close to average generation sequence Z(1)L-th component;
4d) build the single order single argument of the normal discharge with distributed denial of service ddos attack flow of network context radiant flux The Grey Differential Equation of gray model is:
c n ( 0 ) ( l ) + a z ( 1 ) ( l ) = b ,
Wherein, a is development coefficient, and b is grey actuating quantity;
4e) solve 4d) Grey Differential Equation coefficient matrix:The solution of a and b is obtained, Wherein:
It is to use Z(1)The matrix that is constituted of component,It is useThe matrix for being constituted;
4f) according to 4e) solution of a that is calculated and b, and then obtain 4d) solution be:
c ^ n ( 1 ) ( l + 1 ) = { c n ( 0 ) ( 1 ) - b a } e - a l + b a ,
Wherein,It is the initial characteristicses value sequence for the network traffics for modelingSecond value;
4g) according to 4f) solution of the differential equation that obtains, by calculatingSet up network context radiation normal The single order single argument gray model of flow and distributed denial of service ddos attack flow:
c ^ n ( 0 ) ( l + 1 ) = c ^ n ( 1 ) ( l + 1 ) - c ^ n ( 1 ) ( l ) = { c n ( 0 ) ( 1 ) - b a } e - a l · ( 1 - e a ) , l = 1 , 2 , 3 , ...
Wherein,It is l+1 of the solution of the differential equation,It is l of the solution of the differential equation.
7. method according to claim 1, it is characterised in that network under test background radiation flow warp is obtained in step (5) The gray value of gained after two kinds of single order single argument gray models is crossed, refers to normal discharge and distributed refusal clothes as l=L-1 The single order single argument gray model of business ddos attack flowThe value of gained.
CN201710157306.1A 2017-03-16 2017-03-16 Method based on grey forecasting model detection distributed denial of service network attack Active CN106790295B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710157306.1A CN106790295B (en) 2017-03-16 2017-03-16 Method based on grey forecasting model detection distributed denial of service network attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710157306.1A CN106790295B (en) 2017-03-16 2017-03-16 Method based on grey forecasting model detection distributed denial of service network attack

Publications (2)

Publication Number Publication Date
CN106790295A true CN106790295A (en) 2017-05-31
CN106790295B CN106790295B (en) 2019-10-11

Family

ID=58966179

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710157306.1A Active CN106790295B (en) 2017-03-16 2017-03-16 Method based on grey forecasting model detection distributed denial of service network attack

Country Status (1)

Country Link
CN (1) CN106790295B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111600859A (en) * 2020-05-08 2020-08-28 恒安嘉新(北京)科技股份公司 Method, device, equipment and storage medium for detecting distributed denial of service attack

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217377A (en) * 2008-01-18 2008-07-09 南京邮电大学 A detecting method of distributed denial of service attacking based on improved sequence scale regulation
CN102821007A (en) * 2012-08-06 2012-12-12 河南科技大学 Network security situation awareness system based on self-discipline computing and processing method thereof
CN104506482A (en) * 2014-10-10 2015-04-08 香港理工大学 Detection method and detection device for network attack
CN104850916A (en) * 2015-05-31 2015-08-19 上海电机学院 Improved-gray-Markov-model-based power equipment fault prediction method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217377A (en) * 2008-01-18 2008-07-09 南京邮电大学 A detecting method of distributed denial of service attacking based on improved sequence scale regulation
CN102821007A (en) * 2012-08-06 2012-12-12 河南科技大学 Network security situation awareness system based on self-discipline computing and processing method thereof
CN104506482A (en) * 2014-10-10 2015-04-08 香港理工大学 Detection method and detection device for network attack
CN104850916A (en) * 2015-05-31 2015-08-19 上海电机学院 Improved-gray-Markov-model-based power equipment fault prediction method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111600859A (en) * 2020-05-08 2020-08-28 恒安嘉新(北京)科技股份公司 Method, device, equipment and storage medium for detecting distributed denial of service attack
CN111600859B (en) * 2020-05-08 2022-08-05 恒安嘉新(北京)科技股份公司 Method, device, equipment and storage medium for detecting distributed denial of service attack

Also Published As

Publication number Publication date
CN106790295B (en) 2019-10-11

Similar Documents

Publication Publication Date Title
Wang et al. Unification of theoretical approaches for epidemic spreading on complex networks
Xiao et al. Deep-q: Traffic-driven qos inference using deep generative network
Zhang et al. Enhancing the transmission efficiency by edge deletion in scale-free networks
Gupta et al. Centrality measures for networks with community structure
CN104836810B (en) A kind of collaborative detection method of NDN low speed caching pollution attack
Dong et al. Network measurement based modeling and optimization for IP geolocation
CN105681338A (en) Vulnerability exploiting success probability calculation method and network security risk management method
CN105162654B (en) A kind of link prediction method based on local community information
CN103152341B (en) The network security situation awareness emulation mode that a kind of actual situation combines and system
CN103294833B (en) The junk user of concern relation based on user finds method
TW201103281A (en) Botnet early detection using HHMM algorithm
CN107454039A (en) The method of network attack detection system and detection network attack
Xu et al. Detection on application layer DDoS using random walk model
CN106972952A (en) A kind of Information Communication leader's Node extraction method based on internet pricing correlation
CN106790295A (en) The method that distributed denial of service network attack is detected based on grey forecasting model
CN103281158A (en) Method for detecting communication granularity of deep web and detection equipment thereof
CN101986608B (en) Method for evaluating heterogeneous overlay network load balance degree
Kesidis et al. Coupled kermack-mckendrick models for randomly scanning and bandwidth-saturating internet worms
Zhang et al. Traffic fluctuations on weighted networks
CN105812204B (en) A kind of recurrence name server online recognition method based on Connected degree estimation
CN112016085A (en) Power transmission and distribution system planning method for coping with information-physical cooperative attack
CN106603294A (en) Comprehensive vulnerability assessment method based on power communication network structure and state
CN106656464A (en) Complex network side attack method under power exponent adjustable attack cost
CN106790099A (en) Charge network survivability Measurement Method based on network survivability entropy
Zhao et al. Modular effects on epidemic dynamics in small-world networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant