Study On DDoS Attacks Detection For Cloud Computing

Distributed denial-of-service (DDoS) attack is an attempt to make a computer or networkresource unavailable to its intended users.It has become a research focus of network securitybecause it is easy to launch and difficult to defend and trace. As companies increasingly usevirtualized data centers and cloud services, cloud computing is prone to DDoS attack，at thesame time, DDoS attacks are moving from brute-force floods of data to more skillful attackson application infrastructure.Although research on DDoS attack detection system has beenrelatively mature, further research on intrusion detection technology specific to DDoS attackis still required because a cloud service has some distinct characteristics that differentiate itfrom traditional hosting, we cannot apply existing technologies directly to cloud computing.Firstly,we study the principle of DDoS attack and countermeasures of detection andtraceback,then defines cloud and its characteristics and gives cloud computing architecture.According to characteristics of DDoS attacks, we introduce a intrusion detection model whichis based on improved Back Propagation (BP) neural network algorithm and adapt to the cloudcomputing environment. In this paper there are three contributions as the following:(1) Analysis the characteristics of DDoS attack based on the full research of existingsecurity vulnerabilities in the cloud computing environment，then a sub-layer based on MultiProtocol Label Switching is suggested to secure cloud-based transmission of information andmitigate the risks of DDoS attacks.(2) Designs a intrusion detection model for defending against DDoS attacks on the cloudenvironment， emphasis on the design of resource scheduling module and analysismodule,the BP neural network algorithm is introduced to the analysis module.(3) Propose the improved BP neural network algorithm based on the minimum transitionand add the algorithm to the intrusion detection model.Finally by analyzing and comparingthe experimental results of the simulating attacks test on the model, the improved BPalgorithm is able to prove that it can increase the accruracy and reduce the amount of thetesting process．...