Research On Frequency Analysis-based Network Traffic Anomaly Detection

Posted on: 2012-11-04
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Feng
Full Text: PDF
GTID: 2178330335950442
Subject: Computer application technology
Abstract/Summary:
With the rapid development of networks and the widespread use of computers, the number of Internet users and web applications keeps growing, and the demands for higher network bandwidth and safe network operation are becoming stronger. Protecting the security and stability of the network system has become one of the key issues for operators. Estimating and calculating network parameters supports management and maintenance.

A network traffic anomaly is traffic behavior that differs from behavior under normal circumstances. A number of factors give rise to such changes, for example faulty network equipment, incorrect network operation, access, and network-intensive attacks. This paper studies abnormal network traffic behavior caused by attacks. There are many network traffic anomaly detection methods, such as feature-based detection methods and detection methods based on statistics, which have a significant advantage in network traffic detection. This paper presents an anomaly detection method that works in the frequency domain of network traffic, in which DoS/DDoS attacks can be detected through bottleneck traffic. Usually a threshold value is used to detect bottlenecks in network traffic, and the principal component method can also be used to analyze network bottlenecks. Understanding the specific location of bottlenecks and the causes of the escalation of link bandwidth is very useful: it can help network administrators make the right decisions, such as adjusting routers, diagnose network performance early for users, or detect DoS/DDoS attacks through bottlenecks in the network traffic. The method assumes that a bottleneck is due to packets of a certain size, because ordinary-sized packets dominate the traffic in actual networks.

Under this assumption, when packet size and network bandwidth are unchanged, the bottleneck shows up in the network traffic chart as a periodicity, with the critical frequency having the largest amplitude. With the packet size unchanged, we analyzed the periodogram of the network traffic at different network bandwidths and under different transmission protocols in a simple experimental environment. Although a complex network environment has some impact on bottleneck traffic, bottlenecks can still be detected from the frequency representation of the network traffic. Next, we use a statistical method based on Bayesian classification, which treats detection as a classification problem and uses detection rules built on a priori knowledge of the problem to identify whether the traffic contains DoS/DDoS attacks. We assess the performance of the proposed algorithm with a variety of data monitored in a real-time network environment. The experiments show that the algorithm is still relatively effective at detecting DoS/DDoS attacks, and that in the detection stage it also shows some detection capability when the training data does not contain certain types of attack. The proposed method provides very accurate detection and is suitable for large-scale network traffic detection.
Keywords/Search Tags: DoS/DDoS Attack, Bottleneck Traffic, Frequency Analysis, Anomaly Detection, Bayesian Classification Method
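The frequency-domain idea in the abstract, as an added sketch that is not code from the thesis: a link saturated by fixed-size packets emits them at bandwidth / (8 × packet size) per second, and that rate appears as the strongest periodogram peak of the arrival series. The link speed, packet size, sampling rate, traces and the fixed peak-to-mean threshold are all assumptions made for this example; the threshold stands in for the Bayesian classifier the thesis uses.

```python
import cmath
import random

def bottleneck_hz(bandwidth_bps, pkt_bytes):
    """Packet rate of a saturated link that carries fixed-size packets."""
    return bandwidth_bps / (8 * pkt_bytes)

def arrival_series(times_us, fs_hz, n_bins):
    """Count packet arrivals per sampling bin (integer maths, no rounding drift)."""
    x = [0] * n_bins
    for t in times_us:
        b = t * fs_hz // 1_000_000
        if b < n_bins:
            x[b] += 1
    return x

def periodogram(x):
    """Power at DFT bins 1..N/2; bin 0 (the mean rate) is skipped."""
    n = len(x)
    hits = [(i, c) for i, c in enumerate(x) if c]
    return [abs(sum(c * cmath.exp(-2j * cmath.pi * k * i / n) for i, c in hits)) ** 2
            for k in range(1, n // 2 + 1)]

def dominant(x, fs_hz, rel=0.3):
    """Return (lowest strong frequency in Hz, peak-to-mean power ratio)."""
    p = periodogram(x)
    peak = max(p)
    if peak == 0:
        return None, 0.0
    # A periodic packet train has equally strong harmonics, so take the lowest.
    k = next(i for i, v in enumerate(p, start=1) if v >= rel * peak)
    return k * fs_hz / len(x), peak / (sum(p) / len(p))

FS_HZ, N_BINS = 1000, 1000   # assumed: 1 ms bins over a 1 s window
RNG = random.Random(7)       # fixed seed so the constructed traces repeat
# Constructed arrival times in microseconds, not captured traffic.
FLOOD = [k * 10_000 for k in range(100)]                     # 1 Mbit/s, 1250-byte packets
CROSS = [RNG.randrange(1_000_000) for _ in range(25)]        # light cross traffic
BACKGROUND = [RNG.randrange(1_000_000) for _ in range(125)]  # aperiodic traffic only

def classify(times_us, min_ratio=20.0):
    """Threshold rule standing in for the thesis's Bayesian classifier."""
    freq, ratio = dominant(arrival_series(times_us, FS_HZ, N_BINS), FS_HZ)
    return ("bottleneck", freq) if ratio >= min_ratio else ("normal", None)

if __name__ == "__main__":
    print("expected:", bottleneck_hz(1_000_000, 1250), "Hz")
    print("flood + cross:", classify(FLOOD + CROSS))
    print("background:", classify(BACKGROUND))
```

The sampling rate must be more than twice the expected packet rate, otherwise the peak aliases to a lower frequency.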