
Research on DDoS Attack Source Tracking Technology Based on Behavior Analysis (基于行为分析的DDoS攻击源追踪技术研究)
Cited by: 2
Abstract: DDoS attacks exploit weaknesses in the IP protocol to exhaust the target host's network bandwidth and system resources, so that legitimate users can no longer obtain normal service. Because attackers rely on source IP address spoofing, proxies and similar techniques, existing network traceback techniques cannot effectively trace the source of a DDoS attack. To address the broken trails and forensic difficulties that investigators face when tracing DDoS attacks, this paper proposes a DDoS attack source tracking technique based on behavior analysis. It models DDoS attack behavior with stochastic Petri nets, analyzes the characteristics of that behavior, matches it against historical attack behavior to identify suspect attack organizations, and then concentrates tracing and forensic analysis of the attack source on the main characteristics of the attack behavior. The method is analyzed and illustrated through a case study and compared with other methods. It broadens the set of DDoS attack source tracing methods and, combined with current source tracing techniques, can improve the efficiency of DDoS attack source tracing.
Authors: ZHANG Zhi-qiang (张志强), LIU San-man (刘三满), CAO Min (曹敏) (Shanxi Police College, Taiyuan, Shanxi 030401)
Affiliation: Shanxi Police College (山西警察学院)
Source: Journal of Shanxi Police College (《山西警察学院学报》), 2020, No. 1, pp. 120-123 (4 pages)
Funding: Shanxi Province "1331 Project" Key Discipline Construction Program (1331KSC); Shanxi Police College institutional research project "Research on Rapid Construction Technology for Network Attack and Defense Exercise Environments Based on Cloud Computing"; Shanxi Police College Innovation Team Construction Program
Keywords: DDoS attack; IP traceback; attack source location; stochastic Petri net
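The abstract describes three steps: model DDoS attack behavior as a stochastic Petri net, derive behavior features from it, and match those features against historical attack behavior to single out a suspect organization before tracing further. The following Python script is an added example of that pipeline in miniature, not code from the paper or its authors. The four-transition campaign net, its firing rates, the two "historical" group profiles and the observed campaign are all constructed assumptions for illustration; the paper's actual model and data are not on this page.

```python
"""Stochastic Petri net (SPN) profiling of DDoS campaign behaviour.

Added example: the net structure, the firing rates and the two 'historical'
attack groups below are constructed assumptions, not the paper's model or data.
"""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Transition:
    name: str
    pre: dict    # place -> tokens consumed when the transition fires
    post: dict   # place -> tokens produced when the transition fires
    rate: float  # rate of the exponentially distributed firing delay (1/s)


def enabled(marking, t):
    return all(marking.get(p, 0) >= n for p, n in t.pre.items())


def fire(marking, t):
    m = dict(marking)
    for p, n in t.pre.items():
        m[p] -= n
    for p, n in t.post.items():
        m[p] = m.get(p, 0) + n
    return m


def simulate(net, marking, horizon, rng):
    """Race semantics (single server per transition): every enabled transition
    samples an exponential delay and the earliest one fires.
    Returns the trace as a list of (time, transition name)."""
    clock, trace = 0.0, []
    while True:
        cands = [t for t in net if enabled(marking, t)]
        if not cands:
            return trace
        delay, t = min(((rng.expovariate(c.rate), c) for c in cands),
                       key=lambda d: d[0])
        if clock + delay > horizon:
            return trace
        clock += delay
        marking = fire(marking, t)
        trace.append((clock, t.name))


NAMES = ("scan", "exploit", "direct", "reflect")
INITIAL = {"recon": 1}  # one reconnaissance token, no bots yet


def ddos_net(rates):
    """Assumed campaign structure: recon finds hosts, found hosts are exploited
    into bots, bots emit either direct (spoofed) or reflected flood traffic."""
    return [
        Transition("scan",    {"recon": 1}, {"recon": 1, "found": 1}, rates["scan"]),
        Transition("exploit", {"found": 1}, {"bot": 1},               rates["exploit"]),
        Transition("direct",  {"bot": 1},   {"bot": 1, "direct": 1},  rates["direct"]),
        Transition("reflect", {"bot": 1},   {"bot": 1, "reflect": 1}, rates["reflect"]),
    ]


def profile(trace):
    """Behaviour feature vector: share of each transition type in the trace."""
    counts = {n: 0 for n in NAMES}
    for _, name in trace:
        counts[name] += 1
    total = max(len(trace), 1)
    return tuple(counts[n] / total for n in NAMES)


def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def match(observed, history):
    """Nearest historical profile -> (group name, distance)."""
    return min(((g, distance(observed, p)) for g, p in history.items()),
               key=lambda gd: gd[1])


# Constructed 'historical' groups: A recruits bots slowly and relies on
# reflection, B exploits quickly and floods the target directly.
GROUP_RATES = {
    "group-A": {"scan": 2.0, "exploit": 0.5, "direct": 0.2, "reflect": 3.0},
    "group-B": {"scan": 0.5, "exploit": 2.0, "direct": 3.0, "reflect": 0.2},
}


def build_history(horizon=200.0, seed=1):
    return {g: profile(simulate(ddos_net(r), INITIAL, horizon, random.Random(seed)))
            for g, r in GROUP_RATES.items()}


def investigate(observed_rates, horizon=200.0, seed=7):
    """Profile an observed campaign and name the closest known group."""
    trace = simulate(ddos_net(observed_rates), INITIAL, horizon, random.Random(seed))
    return match(profile(trace), build_history(horizon))


if __name__ == "__main__":
    # Constructed observation: direct-flood heavy, so it should resemble group-B.
    print(investigate({"scan": 0.6, "exploit": 1.5, "direct": 2.5, "reflect": 0.3}))
```

The feature vector here is deliberately crude (the share of each transition type in a trace); in practice the rates would be estimated from flow records or honeypot telemetry rather than simulated, and the net would carry more places for command-and-control and spoofing choices. The point the example shows is the matching step: once behavior is reduced to a vector under a common model, the historical profile nearest to the observed campaign tells the investigator which known group to prioritize when the IP-level trail breaks.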