DDoS attacks are a serious threat in today's information society, where the Internet plays an important role as social infrastructure. Because such an attack transmits data in a way that does not differ in behavior from legitimate users, it is difficult to distinguish legitimate users from attack traffic. As a result, legitimate users cannot receive the service when their traffic is erroneously detected as an attack. We previously proposed a system that guarantees continuous service use for legitimate users by introducing a quarantine server separate from the web server that performs ordinary web services. The quarantine server distinguishes legitimate users from attacks among the accesses that the IDS or the firewall has detected as attacks. Our previous method finds legitimate users by extracting features from the access log after the communication has finished. In other words, it performs the analysis after the service is over. Therefore, the previous method is not suitable for continuous service of legitimate users. In this study, we propose a new method that can distinguish between legitimate users and attacks even while the service is running. The experiment confirmed that the proposed method can distinguish legitimate users from attacks.
Journal title
宮崎大學工學部紀要
Volume
47
Pages
201 - 209
Year of publication
2018-07
Publisher
宮崎大学工学部
Miyazaki University
Faculty of Engineering, University of Miyazaki