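Feiyang LIU (born 1997), male, master's student at the School of Electronic and Information Engineering, Beijing Jiaotong University. Main research interest: network security.
Kun LI (born 1997), male, doctoral student at the School of Electronic and Information Engineering, Beijing Jiaotong University. Main research interests: network security and intelligent communications.
Fei SONG (born 1983), male, professor at the School of Electronic and Information Engineering, Beijing Jiaotong University. Main research interests: information network theory and key technologies, information processing and artificial intelligence.
Huachun ZHOU (born 1965), male, Ph.D., professor at the School of Electronic and Information Engineering, Beijing Jiaotong University. Main research interests: intelligent communications, mobile Internet, network security and satellite networks.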
Online publication date: 2021-11
Print publication date: 2021-11-20
Feiyang LIU, Kun LI, Fei SONG, et al. Construction of DDoS attacks malicious behavior knowledge base construction[J]. Telecommunications science, 2021, 37(11): 17-32. DOI: 10.11959/j.issn.1000-0801.2021257.
To address the lack of research on knowledge bases for distributed denial of service (DDoS) network attacks, a method for constructing a knowledge base of DDoS attack malicious behavior was proposed. The knowledge base was constructed on a knowledge graph and contains two parts: a malicious traffic detection database and a network security knowledge base. The malicious traffic detection database detects and classifies the malicious traffic caused by DDoS attacks. The network security knowledge base models DDoS attack malicious behavior from traffic characteristics and attack frameworks, and performs inference, tracing and feedback on the malicious behavior. On this basis, a distributed knowledge base was built on the DDoS open threat signaling (DOTS) protocol to provide data transmission between distributed nodes, DDoS attack defense, and malicious traffic mitigation. The experimental results show that the DDoS attack malicious behavior knowledge base can effectively detect and mitigate the malicious traffic caused by DDoS attacks at multiple gateways, supports knowledge update and reasoning between the distributed knowledge bases, and shows good scalability.