DDoS Attack Threat Evaluation Based On Rough Set Theory And Security Ontology Reasoning

DoS(Denial of Service Attack)is one of the most harmful ways of attacking the Internet.Through occupying massive network bandwidth or system resources instantaneously,it can result in Denial of Service of the server,so the server can not respond to the requests of legitimate users.And DDoS(Distributed Denial of Service Attack),which controls a large number of machines to develop botnet to launch DoS attacks,greatly enhances the effect of DoS attacks,causing severe threat to the system.This paper proposes a security evaluation method based on the rough set theory and security ontology reasoning theory,corresponding to quantitative and qualitative evaluation of DoS Attacks respectively,aiming at evaluating the three common DDoS attacks,i.e.Common flood attack,SYN Flood attack and HTTP Slow attack.The main work contents are as follows:(1)The quantitative security threat assessment method based on rough set theory can measure changes of the network and system indices before and after the attack,then evaluate the importance of each index and reduce indices of no value,to determine the valuable indicators used to evaluate the DDoS attacks,and then we can obtain the weighted sum of these indicators and security situation value and finally generate security situation value curve.(2)The qualitative evaluation method based on the security ontology reasoning uses the OWL language to write the relevant reasoning rules,and the system state described in the OWL language was inputted into the inference engine for reasoning,qualitatively judging the security state of the system and the specific DDoS attack type.Through the experimental verification,the evaluation method based on the rough set theory can evaluate the security status of the system quantitatively,and play the role of timely warning.The qualitative assessment based on the security ontology reasoning can effectively compensate the deficiency of the quantitative assessment method,achieving qualitative evaluation of DoS Attack.The paper evaluates the impact of DoS attacks on system security from both qualitative and quantitative perspectives,combined with each other,we can make an effective?accurate assessment on the security state of targeted system.