
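Baseline: a passive approach to tolerating and detecting DoS/DDoS attacks
Cite this article: JIN Shu, LIU Feng-yu, XU Man-Wu. Baseline: a passive approach to tolerating and detecting DoS/DDoS attacks [J]. Electric Power Automation Equipment, 2005, 25(6): 7-13.
Authors: JIN Shu, LIU Feng-yu, XU Man-Wu
Affiliations: Department of Computer Science and Technology, Nanjing University of Science and Technology, Nanjing 210014, Jiangsu; Department of Computer Science, Nanjing University, Nanjing 210093, Jiangsu
Abstract: This paper proposes a "Baseline" service architecture for detecting DoS/DDoS (denial-of-service / distributed denial-of-service) attacks and implements its key "Shepherd" detection algorithm. The architecture leaves the definition of the indicators used to judge whether a service and its quality have been affected to the individual communication processes, which makes it highly adaptable; it can be combined well with various existing intrusion detection systems and does not add much overhead to the host system. Compared with other DoS/DDoS detection methods, the Baseline service also requires no changes to the Internet routing infrastructure for support, so it is a very feasible DoS/DDoS detection scheme. Under ideal conditions, the Baseline service can achieve zero false positives for DoS/DDoS intrusions.

Keywords: Baseline service; availability surveillance; DoS/DDoS attack detection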

Baseline - a passive approach to tolerate and detect DoS/DDoS attacks
JIN Shu, LIU Feng-yu, XU Man-Wu. Baseline - a passive approach to tolerate and detect DoS/DDoS attacks [J]. Electric Power Automation Equipment, 2005, 25(6): 7-13.
Authors: JIN Shu, LIU Feng-yu, XU Man-Wu
Abstract: By employing a novel communication service surveillance algorithm called "Shepherd", a DDoS (Distributed Denial-of-Service) detection architecture named Baseline, which is considered a passive approach, is presented. It achieves high adaptability by delegating the QoS (Quality of Service) degradation judgement to the individual communication processes. By adding pluggable modules to the actuator of the daemon, Baseline can be easily integrated with IDSs (Intrusion Detection Systems). Compared with previous work, neither traffic analysis, packet content filtering, nor any modification to the existing router systems is required, which makes it very feasible. Moreover, Baseline may achieve zero false positives to some extent.
Keywords: Baseline service; availability surveillance; DoS/DDoS attack detection
This article is indexed in CNKI, VIP, Wanfang Data and other databases.