Application-Layer DDoS Attack Detection Based On Fuzzy Synthetic Evaluation Model

With the development of information technology, Internet is becoming one of the major components of the world's information network infrastructure. The network has brought us great convenience, at the same time, it results in many security issues constantly. Among plenty of the network intrusions and attacks, denial of service (DoS) attack is one of the greatest threats for network security nowadays. DoS is the attack using reasonable request to get amount of resources from servers, which makes servers refuse to provide services to legitimate users passively. Distributed denial of service (DDoS) attack is more powerful and harmful. In this thesis, aimming at the application layer DDoS attacks, a detection method based on the fuzzy synthetic evaluation model is designed, focusing on extracting factors of application layer DDoS attacks, and analyzing the key technologies of implementation detection.The thesis first analyze the basic principles of traditional DDoS attacks, application layer DDoS attacks, and the distinctions between them, and then introduce the HTTP protocol which has been used to launch an application layer DDoS attack. Secondly, we especially discuss the characteristics of the application layer DDoS attacks through a typical application layer DDoS attack - CC attack. Sequentially, a DDoS attack evaluation factors set has been proposed. Next, it describes the fuzzy synthetic evaluation model and its applications in practice, focusing on the membership function selection, as well as the determination of weighting factors, then a detection method based on fuzzy synthetic evaluation model is proposed. Accordingly, we establish a specific characteristics set of application layer DDoS attacks at the early, select an appropriate membership function and suggest using Analytic Hierarchy Process (AHP) for weighting factors distribution, so that the results are more reasonable. Finally, we implement the packets capturing, the attack characteristics extracting and the synthetic evaluation in the Linux environment. In the end, through simulate several application layer DDoS attacks of different intensities, the result demonstrates that this detection method is feasible and reliable.