Abstract
Under the influence of the global epidemic, various businesses have moved online one after another. With the rise of emerging industries such as online medical treatment, online education, and online conference, the proportion of attacks in the network service industry has increased year by year. UDP-FLOOD is still the primary scenario of DDoS attacks. Among them, with a large number of attack resources and most of them are high configuration servers, NTP (Network Time Protocol) reflection has become the most common UDP reflection attack method, accounting for 59% of the overall distribution. Therefore, establishing an efficient NTP attack detection system is a very important content to prevent network malicious attacks. At present, NTP-attacking based defensed methods mainly include IP filtering, hop mapping, and response packet detection, but they all have obvious weaknesses. Among them, the IP detection scheme can only detect historical attack IP, the implementation of hop mapping scheme is complex, and the resource overhead of response packet detection scheme is too large. Therefore, this paper proposes a nonlinear detection algorithm based on AHP multidimensional matrix quad information entropy. Through simulation experiments, the change of quad information entropy of attack intensity from 10% to 100% is counted. The detection rate based on the traditional target IP and target port algorithm is only 50% and 60%, which is significantly lower than this algorithm. Experiments show that the detection rate of this algorithm is higher.
Highlights
In the form of global epidemic, due to the need to reduce personnel contact and more and more businesses migrate online, it is extremely urgent to protect these businesses from DDoS attacks
We define network packet quadruple as a flow table: F = , its entropy per unit time △t is H1ðxÞ, H2ðx Þ, H3ðxÞ, H4ðxÞ, according to the different sensitivity of entropy to attack, the four tuple entropy is given a certain weight by using the judgment matrix K1, K2, K3, K4, Target server
Judging from the above table: (i) Based on the detection rate of the target IP method, both from 10% to 60% are higher than the CTE of 5.197110%, that is, if the attack intensity is 60% and below, the method cannot detect the presence of an NTP attack, with a detection rate of 40%
Summary
In the form of global epidemic, due to the need to reduce personnel contact and more and more businesses migrate online, it is extremely urgent to protect these businesses from DDoS attacks. In the udp-flood attack, an attacker can send a large number of fake source IP addresses for unconnected UDP packages and can quickly fill the target resources, so that they cannot work properly. NTP attack is different from the general DDoS attack, and it uses the serving NTP server as the reflection point to send response packets to the victims [2, 3]. When a large number of response packets flow. The establishment of an efficient NTP attack detection system is a very important content to defend against network malicious attacks
Published Version (Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.