
Research On Key Technologies Of DDoS Real-time Network Intrusion Detection System Based On Machine Learning

Posted on: 2020-05-03
Degree: Master
Type: Thesis
Country: China
Candidate: Y Q Jin
Full Text: PDF
GTID: 2428330590461468
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of computer technology, especially in the era of cloud computing, big data and artificial intelligence, Distributed Denial of Service (DDoS) attacks have become one of the most threatening factors in the field of cyberspace security. At the same time, the growing number of botnets makes DDoS attacks more and more harmful along with the rise of the industrial Internet of Things. Therefore, DDoS attack detection has always been a research focus in the field of network security.

Although numerous methods have been proposed before, some traditional detection and defense methods against DoS or DDoS attacks have become obsolete as technology continues to evolve and business scenarios change. At present, it is becoming increasingly important to improve the efficiency and accuracy of DDoS attack detection. Therefore, this paper adopts machine learning, big data analysis and other related theoretical methods and techniques to realize real-time and efficient detection of DDoS attacks in large-scale network environments. The multi-dimensional attributes of network traffic are extracted and analyzed according to the characteristics of DDoS attack traffic.

In this paper, we propose an ensemble-learning based distributed detection framework (ELDDF) for DDoS attacks. The model adopts distributed traffic collection and storage technology, real-time data cleaning technology and a detection method based on ensemble learning, which can meet the real-time and accuracy requirements of DDoS attack detection. Based on the proposed ELDDF, this paper combines a well-known big data framework to build a DDoS attack detection system. Firstly, Gopacket, Libpcap and other tools are used to build a distributed traffic acquisition sensor to collect traffic in real time. Secondly, Spark Streaming is adopted to build a real-time traffic feature extraction module. This module performs multi-dimensional feature extraction on collected data packets according to the characteristics of the TCP/IP network programming model and DDoS attack traffic. Thirdly, the DDoS attack detection model is built and the distributed random forest detection algorithm is implemented based on Spark to satisfy the real-time detection of a large amount of network traffic.
Keywords/Search Tags: DDoS attack detection, Machine learning, Big Data Technology, Random Forest Algorithm, Distributed