利用列表顯示線上封包統計連續測試分散式阻斷服務攻擊

Abstract

在這篇論文裡，我們提出一種有效率偵測與過濾阻斷服務攻擊的方法。 我們的系統叫STTOPS（Sequential Testing with Tabulated Online Packet Statistics for DDoS Detection）能在一個緊密，固定尺寸的架構裡使用有效的探索法監控許多網路位址。 我們證明與TOPS相比較，STTOPS在一個標準基準數據集方面有更高的平均準確和更低的平均誤報警能發現阻斷服務攻擊。與TOPS相比較，STTOPS的關鍵好處是它使用較少的計算資源，而且在攻擊期間不會減慢下來。

In this thesis, we present an efficient method for detecting and filtering denial-of-service bandwidth attacks. Our system called STTOPS（Sequential Testing with Tabulated Online Packet Statistics for DDoS Detection） can monitor a large number of network addresses in a compact, fixed-size structure using several effective heuristics. We demonstrate that STTOPS can detect bandwidth attacks in a standard benchmark dataset with a higher average accuracy and a lower average false alarms than TOPS. A key benefit of STTOPS is that it uses less computational resources than TOPS and does not slow down during an attack.