科研成果详情

With the rapid growth of the Internet, the impact of attacks becomes more serious. IP spoofing makes hosts hard to defend against DDoS attacks. In this paper, we propose a blind detection method for tracing the real source of DDoS attack packets. Tracing the real source of a single-packet is difficult, so we trace-back a cluster of similar packets rather than a single-packet by cluster matching. We choose K-harmonic means clustering method to preprocess the packets according to our proposed quantitative model, at the same time, we propose an approach to determine the best number of clusters. In addition, we propose a novel detection algorithm about cluster matching for tracing the real source of packet clusters based on K-harmonic means and our improved silhouette. Experimental results show that our method can detect the real source of packets with up to 92.54% accuracy.