
Research On The System Of Anomaly Traffic Identification And The Key Technologies

Posted on: 2014-02-06; Degree: Master; Type: Thesis
Country: China; Candidate: Y J Liu; Full Text: PDF
GTID: 2248330395484281; Subject: Software engineering
Abstract/Summary:
DDoS attacks have been the biggest threat to network security since they first appeared. Many scientists have done a lot of work to identify and protect against such attacks, and there are many effective results, but there are still many shortcomings in detection and prevention. The traditional method of attack detection and prevention is applied only at the server end, and router-based DDoS attack detection and prevention still has some problems with application-layer DDoS attacks. To solve those problems, this paper proposes an Anomaly-traffic Detection and Classification System in a Router.

The system uses three modules to address detection and prevention of DDoS attacks: a data acquisition module, a security analysis module and an intrusion response module. The data acquisition module captures data packets with the Libpcap library functions on a Linux system. The security analysis module consists of a feature extraction module and an anomaly detection module: the feature extraction module adopts the wavelet transform algorithm and the KPCA dimension reduction algorithm to select feature vectors, and the anomaly detection module uses the SVM algorithm to judge whether packets are attack packets. The abnormal response module adopts different response behaviors for different types of attack until the system requirements are met.

The system proposed in this paper is located in a router, so it can detect and prevent both network-layer DDoS attacks and application-layer DDoS attacks. In tests with TCP attacks, UDP attacks, ICMP attacks, mixed attacks and application-layer attacks, the system basically meets its design goals.
Keywords/Search Tags:DDoS, Abnormal Traffic, Router, SVM, Wavelet Transform, KPCA