Low-Rate DDOS Attack Detection And Response Technology Research

Posted on: 2010-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: P X Zhao
GTID: 2178360278459012
Subject: Cryptography
Abstract/Summary:
Distributed denial-of-service (DDoS) attacks have been one of the most severe threats to network security in recent years. The low-rate DDoS (low-rate distributed denial of service) attack is a new type of DDoS attack that differs from traditional DDoS attacks: it can seriously damage a network using low-rate attack streams that do not look suspicious. Low-rate DDoS attacks have become a hot topic in the network security field, so research on these attacks and on techniques for detecting and preventing them is very important work.

This thesis first analyzes the attack mechanism of DDoS attacks. It then analyzes the attack mechanism of low-rate DDoS attacks and the techniques for detecting and preventing them, and identifies the difficulties and key points of low-rate DDoS detection and prevention.

Starting from the remarkable characteristic of low-rate DDoS attacks, namely their pattern, an obvious difference was found between the power spectrum density (PSD) of legitimate and attack traffic samples. A statistical change-point detection method was introduced, and the existing detection method was improved with the CUSUM algorithm. Drawing on the periodic characteristics of the low-rate DDoS attack flow, the different frequency-domain characteristics of periodic and non-periodic signals, and the characteristics of the Fourier transform of the relevant sequences, the thesis normalizes the power spectrum density of the attack and legitimate streams and uses the CUSUM algorithm to detect the attack at the inflection point. The filtering algorithm was improved with a hash bucket. The thesis introduces the hypothesis detection algorithm and the construction of the hash table. Experiments showed that the improved method has a lower false-positive rate and a higher detection rate, is more accurate, and can adapt to more complex network environments.

The hash bucket helps improve the detection and prevention of low-rate DDoS attack flows that use IP spoofing.
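The detection idea summarized above (normalized PSD followed by CUSUM change-point detection) can be sketched as follows. This is an added example, not code from the thesis. The window size, low-frequency band, CUSUM parameters, the choice to run CUSUM over per-window low-band energy shares, and the traffic trace are all assumptions constructed for illustration.

```python
import cmath
import random

WINDOW = 128    # samples per analysis window (assumed)
LOW_BINS = 16   # DFT bins 1..16 form the low-frequency band (assumed)

def low_band_fraction(samples):
    """Share of the normalized one-sided PSD that lies in the low band."""
    n = len(samples)
    mean = sum(samples) / n                      # remove the DC component
    psd = []
    for k in range(1, n // 2 + 1):
        xk = sum((s - mean) * cmath.exp(-2j * cmath.pi * k * i / n)
                 for i, s in enumerate(samples))
        psd.append(abs(xk) ** 2)
    total = sum(psd)
    return sum(psd[:LOW_BINS]) / total if total else 0.0

def cusum_alarm(values, mu0=0.25, drift=0.20, threshold=0.5):
    """One-sided CUSUM; returns the index of the first alarm, or None.

    mu0 is the share expected for a flat spectrum (LOW_BINS / (WINDOW / 2));
    drift and threshold are assumed tuning values.
    """
    s = 0.0
    for t, x in enumerate(values):
        s = max(0.0, s + (x - mu0 - drift))
        if s >= threshold:
            return t
    return None

def make_trace(windows, attack_start=None, seed=1):
    """Constructed packet counts per sampling bin: noisy background, plus a
    periodic pulse (4 bins out of every 16) from window attack_start on."""
    rng = random.Random(seed)
    trace = []
    for i in range(windows * WINDOW):
        count = 100 + rng.uniform(-10, 10)
        if attack_start is not None and i >= attack_start * WINDOW and i % 16 < 4:
            count += 80
        trace.append(count)
    return trace

def detect(trace):
    """Run CUSUM over the per-window low-band PSD share of a trace."""
    shares = [low_band_fraction(trace[i:i + WINDOW])
              for i in range(0, len(trace), WINDOW)]
    return cusum_alarm(shares)

if __name__ == "__main__":
    print("legitimate trace alarm:", detect(make_trace(20)))
    print("pulsed trace alarm window:", detect(make_trace(20, attack_start=10)))
```

The pulse keeps the average rate modest, yet it moves most of the spectral energy into a few low-frequency bins, which is what the CUSUM statistic accumulates on.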
Keywords/Search Tags: DDoS, low-rate DDoS, Power Spectrum Density, DFT, CUSUM algorithm