| Along with the Internet spreading into every area of the society, DoS attack has appearedmore frequently nowadays, from every industrial sector to our daily life. In addition, as animportant part of the network-centric warfare’s idea, using DoS attack to crush down targets’network is an efficient strategy. DoS attack becomes a big threat to the Internet world. Thereforeprevention of DoS attack is an important topic for network security. Because of the independenceof each network’s prevention of DoS attack, current researches on DoS attack protection can notgenerate a DoS attack situation. It is difficult to form an effective and unified defense strategyfor lacking of a global view. The overall deterrent effect for DoS attack needs to be improved.This paper focuses on using Network Situational Awareness to generate a DoS attacksituation. Through the technology’s data fusion capability, the overall network DoS attacksituation can be effectively assessed. This provides more information for decision-makers toevaluate the network situation under a DoS attack. The outline is listed as below:1) Two assessment methods proposal. This article starts with introduction of DoS attack,including concept, classification, background, current situation and future trends. Then twoassessment methods are proposed based on future attack characteristics. The assumption forthese two methods is that DoS attack situation can be represented by the degree of resourceconsumption and service quality. The situation assessment based on the consumption of theresource and based on the quality of service is separately proposed. Both methods are appliedwith a hierarchical model, which integrates assessment index data layer by layer from the bottomto the top. Index weights are revised to ensure the accuracy of trend results. Advantages of thesetwo methods: complement and validation can be flexibly matched with each other to broaden thescope of application and to reduce the difficulty of deployment. Finally, the experiment verifiesthat the two proposed situation assessment methods are feasible, effective, and has features oflightweight and efficient.2) Two DoS attack situation visualization methods proposal. In response to the need ofsituation visualization, methods are proposed respectively in both macro and micro levels. Theformer one is based on the Map-based geographic information system (GIS) point value at themacro level. The point value chart symbols are redefined to demonstrate the multi-dimensionaldata and graphically display some situation elements, such as the overall and local strength of theDoS attacks, sphere of influence, and situation change process. The latter one is based on theparallel coordinate visualization methods in the micro level. It graphically displays the details ofthe numerical model, i.e. the change of each element in the network. The interactive K-Meansalgorithm is applied for data classification coloring for better effect of visualization. 3) Design and implementation of DoS attack situation awareness prototype system(resource exhaustion based). System is realized on the basis of ideas mentioned above. With theuse of modularization design, the effectiveness and feasibility of the system are verified byexperiments of DoS attack on laboratory’s network.The proposed DoS attack situation assessment methods based on the consumption ofresources and quality of service make a good attempt to apply situation awareness to the researchof detection and prevention of DoS attack. The study results are valuable in both theoretical andpractical. |
PDF Full Text Request