DDoS Attack Detection Techniques Based on Information Entropy

Posted on: 2009-09-27
Degree: Master
Type: Thesis
Country: China
Candidate: N Sun
GTID: 2208360278453665
Subject: Computer application technology
Abstract/Summary:
Information is a valuable resource for society today. In recent years the Internet has grown rapidly worldwide, and it plays an increasingly important part in political, economic, cultural, military and social life, affecting every aspect of society. The security of the Internet has become correspondingly more important. Viruses and worms damage the Internet, and society suffers greatly from them. DDoS attacks are becoming stealthier and more scalable. Distributed reflector denial-of-service attacks occur frequently, which makes DDoS attacks tend to be larger in scale and more serious. Large-scale DDoS attacks are one of the most common security problems, and the distributed denial-of-service (DDoS) attack has become the most powerful destroyer. Studying DDoS attacks is therefore meaningful.

First, we begin the thesis with the definition and attack methods of DoS, and then introduce the emergence of distributed DoS, named DDoS. We analyze the architecture and working principles of DDoS attacks in detail, and give a thorough and comprehensive study, comparison and summary of their attack methods. Next, we focus on approaches to detecting DDoS attacks. In general, there are two categories of DDoS detection methods: anomaly-based detection and characteristic-based detection; the former is the key point of our research in this thesis. Drawing on a summary of current DDoS attack detection methods and the detection models of some attack tools, and on the study and analysis of representative research work in the field of DDoS detection, we improve the previous entropy detection algorithms. The experimental results show that these methods can lead to more accurate detection and decrease the detection error rate. Finally, we design an overall structure for a DoS/DDoS defense system, making it suitable for the detection and defense requirements of practical environments. We describe the system's architecture design and workflow in detail, and analyze the design of its core event processing module and the relevant reaction technology.
Keywords/Search Tags: DoS, DDoS, detection, information entropy, defense