| Under the critical condition that network intrusion activities become more rampant in recent years, especially quite a few DDoS attacks have happened lately, this paper focuses on the research of detecting and defending DoS attacks using DM (data mining) technology. Based on the study of prevalent DM technology in the detection of network intrusions and the characters of DoS attacks, this paper presents a new idea to detect and defend DoS attacks by integrating with packet analysis and flow analysis. That is in addition to traditionally producing association rules and frequent episodes rules from packets and connections, Trend Analysis algorithm is used to forecast and analyze the network flow, the compared results between forecast values and real values become one of the key attributes of rules to detect DoS attacks.By the way this paper chooses the more effective DM algorithms by deep study in quite a few known algorithms employed in association rules, frequent episodes rules and trend analysis. To speed up producing association rule, this paper also introduces the AADD algorithm which is a upgrade algorithm from Apriori.In the end this paper expounds the design and implement of a DoS detection and defense system based on DM technology. |
PDF Full Text Request