The Research On Several Pivotal Techniques Of Intrusion Detection And DDoS Attack

Posted on: 2004-06-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G C Luo
GTID: 1118360125963964
Subject: Computer application technology

Abstract/Summary:
As people's dependence on computer networks grows, network security is becoming more important. Because intrusion detection can overcome the limitations of traditional defense technologies, it has attracted much attention in academia and industry in recent years. Within this field there are two common problems: the low accuracy of detection results and the difficulty of unified deployment over a wide range. Meanwhile, as the harm caused by Distributed Denial of Service (DDoS) attacks becomes increasingly serious, they are receiving attention from countries all over the world. The DDoS attack is regarded as one of the biggest challenges of the Internet. Research on these subjects is of great theoretical and practical significance.

This paper focuses on these two areas and is accordingly divided into two parts. In the first part, new models and mechanisms are proposed to address the problems of present Intrusion Detection Systems (IDS), namely low precision and the inability to be deployed and maintained in a unified way on a large scale. These research results can effectively improve the performance of present IDS. The second part studies DDoS attacks and puts forward effective detection means and defense mechanisms based on experimental results and theoretical analysis.

The innovations of this paper are as follows:

1. An intrusion detection mechanism based on multi-sensor data fusion technology, DFIDM, is presented. Whether the detection results are highly accurate is critical to an IDS. This paper studies how to apply data fusion technology to IDS design. Theoretical analysis proves that data fusion technology is valid for improving the performance of an IDS. Based on these results, DFIDM is devised and implemented. The experiments show satisfactory results.

2. An intrusion detection model based on mobile agents, MADIDS, is presented. MADIDS uses a layered infrastructure. The whole system consists of one central node and multiple domains. Within a domain the hosts are connected by LANs, while the domains are connected by WANs. A layered generation and update mechanism is devised in this model. By adopting mobile agent technology, it achieves unified, large-scale configuration of IDS in a WAN environment. This mechanism needs only a small overhead to maintain system integrity, consistency and availability. This paper also studies the self-repairing and collapse-avoidance functions of the system. The experiments prove the validity of the MADIDS model.

3. A decision condition for DDoS attacks based on the Hurst parameter of network traffic self-similarity is presented. The performance of several common methods for calculating the Hurst parameter is compared, and the strict self-similarity of LAN traffic is confirmed. The quantitative influence of a DDoS attack on the Hurst parameter is studied through a large number of experiments. Based on the analysis of these experimental data, a precise criterion for the start and end of a DDoS attack is put forward. Finally, the effectiveness of this method is analyzed and proved. The experiments show that the method performs well.

4. A defense mechanism against DDoS attacks based on the change in the Hurst parameter of network traffic self-similarity, R2DH, is devised. The R2DH mechanism presented in this paper implements the phases of detecting the attack, locating the attack path, judging the attack type, generating a response strategy and executing the response action, at a small cost in system resources. By using synchronization and failure-tolerance mechanisms, it is suitable for operation in a WAN. The experiments prove that this method is effective.
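The Hurst-based decision condition in item 3 can be illustrated with a sliding-window estimate, shown here as an added example that is not code from the dissertation. The aggregated-variance estimator, the constructed traffic (in which the flood happens to lower H), the 1024-sample window and the 0.2 shift threshold are all assumptions of this example; the abstract does not state the dissertation's estimator or criterion.

```python
import math
import random
import statistics

def hurst_aggvar(series, block_sizes=(1, 2, 4, 8, 16, 32)):
    """Aggregated-variance estimate of H: Var(mean over m samples) ~ m^(2H-2)."""
    pts = []
    for m in block_sizes:
        means = [sum(series[i:i + m]) / m for i in range(0, len(series) - m + 1, m)]
        pts.append((math.log(m), math.log(statistics.pvariance(means))))
    mx = sum(x for x, _ in pts) / len(pts)
    my = sum(y for _, y in pts) / len(pts)
    # Least-squares slope of log-variance against log-block-size equals 2H - 2.
    slope = sum((x - mx) * (y - my) for x, y in pts) / sum((x - mx) ** 2 for x, _ in pts)
    return 1 + slope / 2

def constructed_traffic(n=4096, attack=(2048, 3072), seed=7):
    """Constructed packets-per-interval series: persistent baseline plus a flood."""
    rng = random.Random(seed)
    phis = [math.exp(-1 / tau) for tau in (16, 64, 256)]  # slow AR(1) components
    state = [rng.gauss(0, 1) for _ in phis]
    out = []
    for t in range(n):
        state = [p * s + math.sqrt(1 - p * p) * rng.gauss(0, 1)
                 for p, s in zip(phis, state)]
        count = 500 + 10 * sum(state)
        if attack[0] <= t < attack[1]:
            count += 2000 + rng.gauss(0, 200)  # flood modelled as uncorrelated load
        out.append(count)
    return out

def flag_windows(series, window=1024, max_shift=0.2):
    """Return per-window H and the windows whose H departs from window 0."""
    hs = [hurst_aggvar(series[i:i + window])
          for i in range(0, len(series) - window + 1, window)]
    return hs, [i for i, h in enumerate(hs) if abs(h - hs[0]) > max_shift]

if __name__ == "__main__":
    hs, flagged = flag_windows(constructed_traffic())
    for i, h in enumerate(hs):
        print(f"window {i}: H = {h:.2f}{'  <-- flagged' if i in flagged else ''}")
```
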
Keywords/Search Tags:intrusion detection, mobile agent, data fusion, self-similarity, DDoS attack