
Anomaly Detection Against Low-rate DDoS Attack

Posted on: 2011-12-10
Degree: Master
Type: Thesis
Country: China
Candidate: K L Tian
Full Text: PDF
GTID: 2178360305999320
Subject: Communication and Information System
Abstract/Summary:
In recent years, people have come to rely more and more on computer networks, so network security is an important issue. Hence, reliable detection of distributed denial-of-service (DDoS) attacks is worth studying. There are two kinds of IDS: host-based and network-based. A network-based IDS inspects network data flow, and can be divided into misuse detection and anomaly detection. Misuse detection is based on the characteristics of previously seen attacks. It can detect old attacks accurately but is weak at detecting a new DDoS attack, because the new one does not exist in the signature store. This article concerns anomaly detection.

Anomaly detection can be used to detect a new DDoS attack, but it fails when abnormal traffic is judged to be normal. What is the probability of identifying the flow correctly? This is the problem of reliability, which is the main feature of this article. Users can set the warning probability and the miss probability beforehand.

The characteristic of a traditional DDoS attack is that the data rate is very high, so IDSs detect at high rates (including our former work). In recent years, a class of low-rate denial-of-service attacks that aims to escape conventional detection has appeared, so reliability is worth studying. This paper puts forward an IDS that can detect the low-rate attack accurately. It contains three sections: 1) the real collection of network flow, 2) decision-making, 3) warning. The input is network flow and the output is a warning of abnormal flow. It can make decisions and issue warnings according to the user's settings.

The major contributions of this paper: First, it analyzes the theory and methods of low-rate DDoS and classifies the defense methods against low-rate DDoS. Second, it puts forward an IDS that can detect the low-rate attack accurately. Third, it uses NS2 to simulate the TCP-targeted low-rate DDoS and validates the better parameters during an attack.
Keywords/Search Tags:DDoS, low-rate attack, IDS, Network Security, TCP