Research On Analysis And Detection Of Low Rate Denial Of Service Attack Based On HTTP Protocol

Denial of Service(DoS)attack has been one of the important research topics in the field of Network security.With the research going deeply,the methods of detection and defense in traditional DoS attack are relatively mature.However,there are several new low rate Denial of Service attacks(LDoS)in recent years.Among these,LDoS attack based on HTTP protocol is famous for implementing complicatedly and being discovered difficultly due to applying the vulnerabilities of network's high level protocol and has not put forward a accepted method of detection and defense widely.Therefore,this thesis studies the LDoS attacks based on HTTP protocol mainly,and finds attacking model and detection method of it.The main contents are followed.(1)Analyze a new attack scenario which uses the concurrent server.Improve the attack model for the traditional iterative server.The main improvements are as follows.The first in order to make the attack packet can quickly fill the queue in a very short time,replace the three tuple with five tuples attack waveform.The second considering the factors change dynamically in the complex network environment,construct a new prediction mechanism.Finally add regain mechanism,ensure the attack packet regain the position in the instant the position releases to ensure attack packet occupy the position in the queue in a long time.After improving the model,in order to achieve maximum attack efficiency and retain the computer resources itself.This thesis based on the NS2 simulation platform to determine the appropriate attack parameters.(2)According to the character of the change of the before and after attack,the wavelet transform algorithm is used to detect the attack,and the method is as follows.First of all,decompose flow data of network using db4 wavelet twice,and then reconstruct the decomposition of signal;secondly,search for the moment which flow data declines suddenly based on the reconstructed signal,and according to the speed of decline screen the time of attack may occur;Finally use the standard deviation todepict the network flow fluctuation,and confirm the attack comparing the characteristics of flow data in different environment.(3)Set up the experimental platform to simulate the real network,and then verify the feasibility of the optimized attack model.The result shows that the model has higher attacking efficiency than the traditional attack model.Then the method of wavelet transform is used to detect the extracted flow data,and the validity of the method is verified.Finally,the accuracy evaluation is carried out by using the obfuscation matrix,and compared with the current two kinds of classical detection algorithms from three aspects: the overall accuracy,the false alarm rate and the false negative rate.