Distributed Denial of Service (DDoS) attacks are large-scale, decentralized and transient, which makes them difficult to defend against effectively and accurately. As a result, DDoS has become the most commonly used attack method in the black industrial chain and even in confrontations between countries, and it seriously threatens the stability and reliability of key network infrastructure and core services. Defending against network attacks, especially DDoS attacks, in a fast, accurate and cost-saving way has therefore always been a research hotspot for academia and industry. In recent years, with the development of Software Defined Network (SDN) technology based on network virtualization and programming, the industry has gradually found that its advantages in network situational awareness and intelligent scheduling bring new opportunities for defending against DDoS attacks. This approach helps realize self-sensing and self-adapting network endogenous security.

This thesis sums up the difficulties of DDoS defence and the deficiencies of existing solutions, and studies the overall architecture and technological characteristics of SDN. Taking advantage of SDN technology in traffic collection, perception analysis and dynamic scheduling, the author proposes an SDN-based solution for defending against DDoS attacks. The solution builds security defence capability natively into the network architecture and focuses on anti-interference analysis for data acquisition, intelligent detection and recognition of malicious traffic, route planning with security constraints, etc., so as to increase the accuracy and computational efficiency of attack detection, construct network endogenous security, strengthen the anti-DDoS capability of the network, and improve detection and protection effects in various scenarios. Finally, experiments verify the functions and performance of the algorithms proposed in this thesis. The main contributions of this thesis are as follows:

(1) Research on the Protection Scheme for Distributed Denial of Service Attacks Based on SDN Architecture

In view of the insufficiencies of existing protection methods for DDoS attacks, the thesis designs a cloud, virtual, intelligent and hierarchical network security protection system that takes advantage of the network control ability of SDN. The system adds a network security management layer over the SDN controller and integrates data acquisition and status perception functions into programmable network elements. In this architecture, endogenous security is generated within the network, which promotes the integrated evolution of cloud, network and security, improves the efficiency of attack protection, and reduces the cost of network security operation. The protection system consists of a security management layer, a network traffic control layer, a perception layer and a resource layer, and supports both centralized and distributed deployment modes with loose coupling between functional layers. In addition, the system supports interconnection with non-SDN networks, which ensures a smooth transition of the security functions and network architecture and reduces the difficulty of system construction and adaptation.

(2) Research on an anomaly sample detection method for the basic data set used in DDoS attack identification, based on multi-model fusion

Isolated outlier samples in a data set affect the analysis accuracy of detection models and increase computational complexity. The thesis therefore designs an Improved Local Outlier Factor anomaly sample detection method based on Chi-Square Test and Fuzzy C-means Algorithm (LOF-CF). The method first extracts principal components based on the Chi-Square Test to reduce the feature dimension, then uses Fuzzy C-means clustering to screen out outlier samples preliminarily and compress the sample size, and finally uses Local Outlier Factors to identify the remaining abnormal samples through density information. As the experiments verify, this hierarchical multi-model fusion algorithm can adapt to network traffic data with high feature dimensions, fluctuating feature values and disorderly sample distribution. It detects abnormal samples efficiently and so enhances the anti-interference ability of the algorithm. Its computational efficiency and accuracy are better than those of the traditional methods.

(3) Research on the attack identification method of an improved Long Short-Term Memory Algorithm Based On Modal Decomposition and Feature Selection

To address the defects of existing schemes, such as insufficient feature indexes, lack of a feature screening mechanism, inadequate capability for processing autocorrelated data, and a high degree of manual dependence, the thesis proposes an attack identification method using an improved Long Short-Term Memory Algorithm Based On Modal Decomposition and Feature Selection (LSTM-MF). Firstly, the method uses a modal decomposition algorithm to extract the intrinsic modal components from the original time-series data and acquires new features by time-frequency transformation to enrich the feature dimensions, so as to make the decision basis more comprehensive. Secondly, based on feature engineering, feature selection is performed on the extended data set to screen out the important features and construct a new data set with lower dimension and stronger representativeness, so as to improve the efficiency and accuracy of subsequent analysis. Finally, the new data set is input into the Long Short-Term Memory neural network for training, which reduces the risk of gradient explosion or gradient disappearance in the iterative process, enhances the state memory ability of the algorithm, and further improves the decision effect. Experimental results show that this method can effectively extract new modal features, optimize the discriminant indexes, and improve identification efficiency and accuracy. In both small-sample and large-sample scenarios, its analytical performance is superior to that of the traditional Long Short-Term Memory neural network algorithm and other existing algorithms.

(4) Research on a method for detecting abnormal information with high-concealment encryption based on a fusion model

To deal with the threats posed by the spread of malicious code and attack commands with high-concealment encryption, the thesis analyzes the difficulty of detecting steganographic information and the shortcomings of existing schemes, and designs an image Steganalysis Model Based On Multi Convolutional Neural Network Fusion (SM-MCNN). This algorithm improves the efficiency of feature extraction and model generalization, effectively identifies files that have been tampered with by steganography, and finds untrusted data in a timely manner. Moreover, it enables proactive defence by stopping the attack during the attacker's preparation stage. Experimental results show that this algorithm can effectively detect untrusted files whose integrity has been damaged by steganography. It has strong universality across various steganography algorithms and file formats. Its detection accuracy is better than that of the non-fused model algorithm.

(5) Research on a DDoS attack mitigation method based on Secure Routing

To address the shortcomings of traditional networks in intelligent and flexible management, the thesis designs an Improved Ant Colony Algorithm With Security And Reliability Constraints (IAC-SAR), which takes advantage of SDN capabilities such as whole-network status awareness, resource scheduling and globalized management. This method improves the traditional ant colony algorithm by comprehensively considering multidimensional influence factors, including the indicators of delay, bandwidth, node performance and security. It makes the selected routes more secure and reliable and improves the anti-attack capability of the network, so as to prevent and mitigate DDoS attacks and guarantee the stability of the network and business. Experimental results show that the method can select one or more routes that meet the comprehensive conditions of high-level requirements, including security, performance and reliability, and can also achieve load balancing when a DDoS attack happens. Its performance and security are better than those of the route selection method based on the traditional ant colony algorithm.
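The following is an added sketch, not the thesis's IAC-SAR code, of ant colony route selection that weighs delay, bandwidth, node performance and security as contribution (5) describes, next to a delay-only baseline. The topology, the scores, the composite cost formula and the `min_sec` threshold are all assumptions, since the abstract gives no formulas.

```python
import random

# Constructed topology as an SDN controller might see it (all values are made up).
# LINKS: (u, v) -> (delay_ms, free_bandwidth_mbps); NODES: switch -> (performance, security) in 0..1.
LINKS = {("s1", "s2"): (2, 400), ("s2", "s5"): (2, 400),
         ("s1", "s3"): (4, 800), ("s3", "s5"): (4, 800),
         ("s1", "s4"): (6, 300), ("s4", "s5"): (7, 300)}
NODES = {"s1": (0.9, 0.9), "s2": (0.9, 0.2),  # s2: low score, e.g. flagged by detection
         "s3": (0.8, 0.9), "s4": (0.6, 0.8), "s5": (0.9, 0.9)}
MAX_BW = 1000.0

def neighbours(u, min_sec):
    """Next hops from u whose security score satisfies the hard constraint."""
    hops = [((b if a == u else a), attrs) for (a, b), attrs in LINKS.items() if u in (a, b)]
    return [(v, attrs) for v, attrs in hops if NODES[v][1] >= min_sec]

def hop_cost(v, attrs, secure):
    """Delay only (baseline), or delay inflated by scarce bandwidth, weak performance, low security."""
    delay, bw = attrs
    if not secure:
        return float(delay)
    perf, sec = NODES[v]
    return delay / ((bw / MAX_BW) * perf * sec)

def aco_route(src, dst, secure=True, min_sec=0.5, ants=20, rounds=30, beta=2.0, rho=0.3, seed=7):
    rng = random.Random(seed)
    floor = min_sec if secure else 0.0
    tau = {h: 1.0 for a, b in LINKS for h in ((a, b), (b, a))}  # pheromone per directed hop
    best_path, best_cost = None, float("inf")
    for _ in range(rounds):
        tours = []
        for _ in range(ants):
            path, cost = [src], 0.0
            while path[-1] != dst:
                options = [(v, a) for v, a in neighbours(path[-1], floor) if v not in path]
                if not options:
                    break  # dead end: this ant finds no route
                weights = [tau[(path[-1], v)] * hop_cost(v, a, secure) ** -beta for v, a in options]
                v, a = rng.choices(options, weights)[0]
                cost += hop_cost(v, a, secure)
                path.append(v)
            if path[-1] == dst:
                tours.append((cost, path))
        tau = {h: t * (1 - rho) for h, t in tau.items()}  # evaporation
        for cost, path in tours:
            for h in zip(path, path[1:]):
                tau[h] += 1.0 / cost  # cheaper tours deposit more pheromone
            if cost < best_cost:
                best_path, best_cost = path, cost
    return best_path, best_cost
```

With these constructed values the delay-only baseline routes through the low-security switch `s2`, while the constrained search excludes it and settles on the higher-bandwidth path through `s3`.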