
Research on DDoS Anomaly Detection Technology Based on Information Entropy Clustering

Posted on: 2011-04-07 | Degree: Master | Type: Thesis
Country: China | Candidate: H M Zhao | Full Text: PDF
GTID: 2208360305994355 | Subject: Computer Science and Technology

Abstract/Summary:
Distributed Denial of Service (DDoS) attacks are among the most serious security problems on today's networks. A great deal of research has been done in this field and many approaches have been proposed, but they still need improvement in some respects.

To reduce the false-alarm rate and improve the detection rate, this thesis improves the conventional entropy algorithm and proposes a DDoS detection algorithm based on entropy clustering. Entropy is used to represent the features of DDoS traffic; five normal-traffic features are then selected, and a training set of normal behaviour features is built from them with the K-means clustering algorithm. The features of live network data are checked against this training set, and when no DDoS attack is detected, the training set is updated with the newly observed normal features. Off-line experiments on the MIT Lincoln Laboratory DDoS datasets indicate that the algorithm achieves a higher detection rate and a lower false-alarm rate than the conventional entropy algorithm.

A DDoS detection system based on this algorithm is implemented, and its main functional modules are described in detail. The detection module uses the entropy-clustering detection algorithm, and the attack response module uses an improved Bloom filter algorithm to store source IP addresses. When the detection module detects a DDoS attack, the attack response module drops the attack packets; otherwise the source IP database is updated. On-line experiments indicate that the system detects attacks and responds to them effectively.
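The following Python sketch is an added example, not code from the thesis or this page, showing the pipeline the abstract describes end to end: per-window entropy features, a K-means model of normal windows, a distance threshold for detection, training-set refresh on normal windows, and a Bloom filter of known source IPs in the response path. It assumes (the page does not say) that the five features are the entropies of source IP, destination IP, source port, destination port and protocol; it uses a plain Bloom filter rather than the thesis's improved one; and it assumes a threshold of twice the largest training distance with a small floor. All traffic is constructed inline.

```python
import hashlib
import math
import random
from collections import Counter

# Per-window features: normalized entropy of five header fields. Which five
# features the thesis used is not stated on this page; this choice is an assumption.
FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto")


def normalized_entropy(values):
    """Shannon entropy of the value distribution divided by log2(len(values)),
    so 0 means every packet carries the same value and 1 means all are distinct."""
    n, counts = len(values), Counter(values)
    if n < 2 or len(counts) == 1:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)


def window_features(packets):
    return [normalized_entropy([p[f] for p in packets]) for f in FIELDS]


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iterations=50, seed=0):
    """Plain Lloyd's K-means with seeded initial centroids."""
    centroids = random.Random(seed).sample(points, k)
    for _ in range(iterations):
        clusters = [[] for _ in range(k)]
        for p in points:
            clusters[min(range(k), key=lambda i: euclid(p, centroids[i]))].append(p)
        updated = [[sum(col) / len(m) for col in zip(*m)] if m else centroids[i]
                   for i, m in enumerate(clusters)]
        if updated == centroids:
            break
        centroids = updated
    return centroids


class BloomFilter:
    """Fixed-size Bloom filter over strings: false positives possible, false negatives
    impossible. A plain stand-in (assumption) for the thesis's improved filter."""

    def __init__(self, bits=8192, hashes=4):
        self.bits, self.hashes, self.array = bits, hashes, bytearray(bits // 8 + 1)

    def _positions(self, item):
        digest = hashlib.sha256(item.encode()).digest()
        for i in range(self.hashes):
            yield int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.bits

    def add(self, item):
        for pos in self._positions(item):
            self.array[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, item):
        return all(self.array[pos // 8] & (1 << (pos % 8)) for pos in self._positions(item))


class EntropyClusterDetector:
    """Detection module: cluster normal-traffic entropy vectors and flag windows far from
    every centroid. Response module: drop attack windows, otherwise learn the window."""

    def __init__(self, k=2, margin=2.0, floor=0.05):
        self.k, self.margin, self.floor = k, margin, floor  # assumed threshold rule
        self.training, self.centroids, self.threshold = [], [], 0.0
        self.known_sources = BloomFilter()                  # source IP database

    def train(self, vectors):
        self.training = [list(v) for v in vectors]
        self._fit()

    def _fit(self):
        self.centroids = kmeans(self.training, self.k)
        radius = max(self.distance(v) for v in self.training)
        self.threshold = max(self.margin * radius, self.floor)

    def distance(self, vector):
        return min(euclid(vector, c) for c in self.centroids)

    def observe(self, packets):
        """Process one window; return (dropped, forwarded) packet counts."""
        vector = window_features(packets)
        if self.distance(vector) > self.threshold:
            return len(packets), 0          # attack: the response module drops the window
        self.training.append(vector)        # normal: refresh the training set ...
        self._fit()
        for p in packets:                   # ... and the source IP database
            self.known_sources.add(p["src_ip"])
        return 0, len(packets)


def make_normal_window(rng, n=200):
    """Constructed benign window: 50 clients talking to 5 servers on a few ports."""
    return [{"src_ip": f"192.0.2.{rng.randint(1, 50)}", "dst_ip": f"10.0.0.{rng.randint(1, 5)}",
             "src_port": rng.randint(1024, 65535), "dst_port": rng.choice([22, 53, 80, 443]),
             "proto": rng.choice(["tcp", "udp"])} for _ in range(n)]


def make_flood_window(rng, n=200):
    """Constructed flood window: never-repeating spoofed sources, one target, one port."""
    return [{"src_ip": f"198.51.100.{i}", "dst_ip": "10.0.0.1", "src_port": rng.randint(1024, 65535),
             "dst_port": 80, "proto": "tcp"} for i in range(n)]


def demo(seed=42):
    rng = random.Random(seed)
    det = EntropyClusterDetector()
    det.train(window_features(make_normal_window(rng)) for _ in range(20))
    normal = make_normal_window(rng)
    result = {"normal": det.observe(normal), "flood": det.observe(make_flood_window(rng))}
    result["seen_source_known"] = normal[0]["src_ip"] in det.known_sources
    result["spoofed_source_known"] = "198.51.100.0" in det.known_sources
    return result


if __name__ == "__main__":
    print(demo())
```

The flood window scores near 1 on source IP entropy and near 0 on destination IP, destination port and protocol, which puts it far from the normal centroids; the benign test window lands inside the threshold, is folded into the training set, and its sources are recorded. Note that the adaptive update is itself a risk: a slow ramp that keeps every window under the threshold would be learned as normal, so a production deployment would bound how far the training set may drift.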
Keywords/Search Tags: distributed denial of service, clustering, entropy, intrusion detection system