[Paper Summary] Entropy based Anomaly Detection System to Prevent DDoS Attacks in Cloud
This paper proposes an entropy-based anomaly detection system that integrates intrusion detection to prevent DDoS attacks in cloud environments. By analysing traffic entropy at two network levels, the local network and the cloud side, the system identifies deviations from normal behaviour and marks users whose entropy exceeds a threshold as potential attackers, improving the detection of zero-day and stealthy attacks beyond what signature-based methods provide.
Cloud Computing is a recent computing model that provides consistent access to widely distributed resources. It revolutionized the IT world with its service-provisioning infrastructure, lower maintenance cost, assurance of data and service availability, rapid accessibility and scalability. A Grid and Cloud Computing Intrusion Detection System detects encrypted node communication and finds hidden attack attempts; it inspects and detects those attacks that network-based and host-based systems cannot identify. It incorporates knowledge and behavior analysis to identify specific intrusions. A signature-based IDS monitors the packets in the network and identifies threats by matching them against a database, but it fails to detect attacks that are not included in the database. A signature-based IDS will perform poorly at capturing a large volume of anomalies. Another problem is that the Cloud Service Provider hides the attack caused by the intruder; due to the distributed nature of the cloud environment, there is a high possibility of vulnerable resources. By impersonating legitimate users, intruders can use a service's abundant resources maliciously. In the proposed system we combine a few available concepts with new intrusion detection techniques. Here we merge an entropy-based system with an anomaly detection system to provide multilevel Distributed Denial of Service protection. This is done in two steps: first, users are allowed to pass through a router at the network site, which incorporates a detection algorithm and checks for legitimate users. Second, they again pass through a router placed at the cloud site, which incorporates a confirmation algorithm and checks the threshold value; if it is beyond the threshold value the user is considered legitimate, else it is an intruder found in the environment.
Motivation and objectives
- Address the limitations of signature-based intrusion detection systems (IDS) in detecting unknown or zero-day DDoS attacks in cloud environments.
- Use entropy-based analysis to identify anomalous traffic patterns that indicate distributed denial-of-service (DDoS) attacks.
- Improve detection accuracy through a two-level verification process at the local-network router and at the cloud-side router.
- Reduce false positives and improve detection of stealthy attacks by monitoring behavioural deviations against an entropy threshold.
- Provide a multi-layer defence that combines entropy analysis with anomaly detection to strengthen cloud security.
Proposed method
- The system computes entropy to measure the randomness of network traffic at the local-network router in order to identify potential anomalies.
- Legitimate users whose behaviour the entropy-based detection confirms as normal are allowed through the first-level router.
- The traffic is then re-evaluated at the cloud-side router by a confirmation algorithm, which checks whether the entropy exceeds a preset threshold.
- If the entropy exceeds the threshold, the user is classified as an attacker; otherwise the user is treated as legitimate.
- The approach combines knowledge-based analysis with behavioural modelling to detect attacks that a conventional network- or host-level IDS cannot identify.
- The two-layer architecture ensures that only users with stable, low-entropy (predictable) traffic patterns gain access, reducing the risk of resource exhaustion.
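The two-stage entropy check described in the list above, as an added worked example that is not code from the paper: per-source Shannon entropy of destination ports is scored over a local-network window and, for the stage-1 suspects only, re-scored over a cloud-side window against a second threshold. The flow-record format (src, dst, dport), both windows, and the thresholds of 2.0 and 3.0 bits are constructed assumptions, not values from the paper. The example also goes one step beyond the page's per-user rule: a flood that concentrates traffic on one victim lowers the aggregate destination-address entropy of the whole window, so a drop check on that aggregate is included as well.

```python
"""Entropy scoring of flow records at two observation points (constructed example).

Flow records are hypothetical dicts with keys src, dst, dport. Thresholds and
windows are illustrative assumptions, not values taken from the paper.
"""
from collections import Counter, defaultdict
import math


def shannon_entropy(counts):
    """Shannon entropy in bits of a frequency distribution given as a Counter/dict."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values() if c)


def per_source_entropy(flows, field="dport"):
    """Entropy of `field` values observed from each source address in the window."""
    per_src = defaultdict(Counter)
    for f in flows:
        per_src[f["src"]][f[field]] += 1
    return {src: shannon_entropy(c) for src, c in per_src.items()}


def two_stage_detect(local_flows, cloud_flows, t_local, t_cloud):
    """Stage 1 at the local-network router: a source whose destination-port entropy
    exceeds t_local becomes a suspect. Stage 2 at the cloud-side router: only suspects
    are re-scored on the cloud-side window; those still above t_cloud are attackers.
    Returns (suspects, confirmed_attackers)."""
    suspects = {s for s, h in per_source_entropy(local_flows).items() if h > t_local}
    cloud_scores = per_source_entropy([f for f in cloud_flows if f["src"] in suspects])
    attackers = {s for s, h in cloud_scores.items() if h > t_cloud}
    return suspects, attackers


def destination_entropy_drop(baseline_flows, current_flows, ratio=0.7):
    """Aggregate check beyond the per-user rule: a flood concentrates traffic on one
    victim, so destination-address entropy falls. Flags when the current window's
    entropy is below `ratio` times the baseline window's entropy."""
    h_base = shannon_entropy(Counter(f["dst"] for f in baseline_flows))
    h_now = shannon_entropy(Counter(f["dst"] for f in current_flows))
    return h_now < ratio * h_base, h_base, h_now


def flows(src, ports, n_each=1, dst="198.51.100.10"):
    """Build constructed flow records: n_each flows from src to each port in ports."""
    return [{"src": src, "dst": dst, "dport": p} for p in ports for _ in range(n_each)]


# Constructed local-network window: three ordinary users, one bursty user, one sprayer.
LOCAL_WINDOW = (
    flows("10.0.0.5", [443], 20)                       # one port: entropy 0.0
    + flows("10.0.0.6", [443, 80], 10)                 # two ports evenly: 1.0 bit
    + flows("10.0.0.7", [443], 8) + flows("10.0.0.7", [22], 2)   # 0.72 bits
    + flows("10.0.0.8", range(8000, 8006))             # benign burst, 6 ports: 2.58 bits
    + flows("203.0.113.9", range(1024, 1088))          # attacker, 64 ports: 6.0 bits
)
# Constructed cloud-side window for the same sources a moment later.
CLOUD_WINDOW = (
    flows("10.0.0.8", [443, 80], 5)                    # settles down: 1.0 bit, not confirmed
    + flows("203.0.113.9", range(2048, 2080))          # keeps spraying: 32 ports, 5.0 bits
)
# Constructed aggregate windows: 8 destinations evenly, then a flood on a single victim.
BASELINE = [rec for i in range(8)
            for rec in flows("10.0.0.5", [443], 4, dst=f"198.51.100.{i}")]
FLOOD = BASELINE + flows("203.0.113.9", [80], 96, dst="198.51.100.10")

if __name__ == "__main__":
    suspects, attackers = two_stage_detect(LOCAL_WINDOW, CLOUD_WINDOW, t_local=2.0, t_cloud=3.0)
    print("stage-1 suspects:", sorted(suspects))
    print("stage-2 confirmed:", sorted(attackers))
    print("destination-entropy drop (flagged, baseline, now):",
          destination_entropy_drop(BASELINE, FLOOD))
```

Run stand-alone, the stage-1 pass flags both the bursty but benign 10.0.0.8 and the port-spraying 203.0.113.9, and the stage-2 pass confirms only 203.0.113.9, which is the false-positive reduction the two-level design is meant to give. The direction of the entropy shift depends on which field is measured: a flooder that hammers one port from one address has very low per-source entropy and would pass the per-user rule, which is why a practical deployment watches the aggregate destination-entropy drop and request volume alongside the per-user score.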
Experimental results
Research questions
- RQ1: Can entropy-based analysis effectively detect anomalous traffic patterns that indicate DDoS attacks in cloud environments?
- RQ2: How does combining entropy with anomaly detection improve the detection of zero-day and unknown attacks compared with signature-based systems?
- RQ3: Which entropy threshold gives the best balance between false positives and detection of malicious behaviour?
- RQ4: How effective is the two-level detection mechanism (local network and cloud side) at identifying attackers before they exhaust cloud resources?
- RQ5: To what extent can entropy-based detection reduce the risk of resource exhaustion caused by attackers impersonating legitimate users?
Key findings
- The proposed system detects DDoS attacks through entropy analysis even when such attacks are absent from the signature database.
- The two-level detection process, first at the local-network router and then at the cloud-side router, improves detection accuracy and reduces false positives.
- Users whose entropy exceeds the preset threshold are flagged as potential attackers, indicating malicious behaviour such as resource exhaustion.
- The system reduces the risk that the cloud service provider hides attacks because of the distributed nature of the cloud environment.
- By combining entropy analysis with anomaly detection, the system outperforms a conventional signature-based IDS at detecting novel or zero-day DDoS attacks.
- The approach strengthens cloud security by detecting stealthy attacks that evade conventional network- and host-level intrusion detection systems.
This summary was generated by AI and reviewed by a human editor.