Research On Detecting Networkattack Based On Self-Similarity

With the rapid development of the global Internet network, various network attacks occur more frequently, network security issues have become increasingly important. In recent years, detection distributed denial of service (DDoS) attacks for network security has become a top priority because of its some features of long incubation period, subtle and strong, complicated by a high degree of attack, causing great harm to network security.DDoS attack is a distributed, collaborative large-scale attack. It produced tens of millions of data packets into the target host by using the large number of hosts launching denial of service attack (Denial of Service, DoS), making the target system consume a lot of resources and can't provide services for legitimate users. DDoS attacks make use of the defect of network protocols or system, making it easy to implement, and make sure the attacker is almost impossible because of its forged source IP address. DDoS attack bring great harm for network security, and it is very difficult to detect and precautions. Traditional method of DDoS attack detection based on its characteristics and protocol, it have low efficiency, low accuracy, large compute and can't distinguish between normal burst traffic and attack traffic. It can only be used to detect obvious abnormalities traffic with characteristics, and it is ineffective for DDoS attack without obvious abnormalities traffic. This paper mainly study the DDoS attack detection based on self-similar features of network traffic, combined with wavelet technologyFirst, this paper explains the principles of DDoS attacks, reasons, characteristics and types of DDoS attacks, introduces some of the existing methods of detection of DDoS attacks as well as its advantages and drawbacks.Second, through analyzing of the fractal property of network traffic, found fractal scaling of networking traffic has a notable effect on the network performance. Based on the fractal structure of the large-scale network traffic aggregation, analyze the feature of network traffic from the perspective of the global and local scaling exponents. It show that networking traffic have the self-similar phenomena over large-scale and the multi-fractal phenomena over-small scale. Analysis of the existing various models of network traffic with their advantages and disadvantages.Then, research on wavelet technology. Wavelet analysis is a fixed window size, the shape, the time window and frequency can be changed in the time-frequency localization analysis. Wavelet transform has a long-range dependent features, it can be easy to solve the problem in the frequency domain.Finally, it is proved by experiments that adopted the network traffic self-similarity parameter Hurst detection DDoS attacks has limitations. A method of DDoS attack detection based on the property of network traffic is presented and designed the attack detection model. First of all, judge the fractal features of network traffic, then adopt a method of variance of Hurst exponent based on wavelet analysis detect attack when it is self-similar or a method of Holder exponent based on multi-window wavelet analysis detect attack when it is multi-fractal. The experimental result shows that this method is effective and detection rate is high on the big background traffic DDoS attack, Low-rate DDoS Attack.