DDoS Attack Detection Based On The Stastical Analysis

With the continuous development of computer network technologies, the scale ofthe Internet is expanding. Network has increasingly become people’s daily necessity inthe world. Since safety issues were not considered when designing network at earlystage, inevitably there have been many network protocol vulnerabilities. Somecriminals have taken took advantage of these vulnerabilities for network attacking, toobtain the appropriate implementation of the economic benefits or retaliation. Thesenetwork attacks have caused the huge loss of the global Internet users. Therefore, theissues of network security and attacks have become urgent and important. In this paper,the detection of DDoS attacks is studied and detection algorithms are proposed basedon statistical analysis.Firstly, a summary of network security is made. And some commonly used attackdetection algorithms are introduced, which are mainly based on some characteristics ofDDoS attacks, such as the unbalance of network flow and the disperstion of IPaddresses.Secondly,we have done some research on the symmetry of the network,and aDDoS attack detection algorithm based on the link of the network traffic matrixanalysis is proposed. Under normal circumstances, the network data flow generallyshow symmetry. In the event of DDoS attacks, the symmetry of the network flow havebeen destoyed,consequently,the network flow matrix is no longer symmetry.So we canuse the symmetry of traffic matrix to determine whether there is a network attack.Thirdly, we have done some research on the correlation of IP address and attackdetection algorithms based on the dispersion of IP addresses using slide window timeinterval and attack detecton algorighm based on the entropy are proposed. We use thesliding window time interval as the time unit to measure the amount of data packets inthe network for network flow analysis.Finally, we research the source of DDoS attacks tracking algorithm. The tracingalgorithm based on the spectrum analysis is proposed. After finding the attack agents, we caculate the spectrum of each IP address in the subnet of attack machine. We canfind the attack handler by distinguish difference frequency of data flow from each IPaddress.