
DDoS Attack Detection Based On Adaptive Clustering Algorithm

Posted on: 2012-10-21
Degree: Master
Type: Thesis
Country: China
Candidate: S D Li
GTID: 2248330395485332
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer network technology, computer networks have made life more convenient, but they also create more opportunities for network attacks. In recent years, as the most common network attacks, DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks have played an increasingly important role and have recently become the biggest threat to networks.

In this paper, we briefly describe the state of network security; study and explain the theory, classification and research status of DoS and DDoS attacks respectively; introduce the existing DDoS attack detection methods with their advantages and disadvantages; predict the future trends of DDoS attack detection methods; and point out that DDoS attack detection based on data mining is one of the future directions for detection.

We describe the background of cluster analysis, focusing on the k-means algorithm, which has the following disadvantages: (1) it assumes the number of clusters is known before clustering begins, but in fact this is difficult to determine in advance; (2) it is sensitive to the selection of the initial cluster centers and to the distribution of the data, so if the initial cluster centers are selected improperly, the clustering result can differ greatly from the actual result. In this paper, we propose an adaptive clustering algorithm, which obtains the optimal cluster number by using a dynamic index and obtains the initial cluster centers by using random subsets. We then test it on the UCI dataset. Experimental results show that our algorithm correctly determines the cluster number and performs better than the k-means algorithm.

Building on the adaptive clustering algorithm, we design a DDoS detection method that mainly comprises training data preprocessing, key attribute extraction, the data mining module and the decision module. We also describe the function and implementation of each part in detail. We use the LLSDDoS2.0.2 data set for our experiment, and the results show that the method has a good detection rate and a low false rate. We compare the algorithm with the k-means algorithm in terms of detection rate, and the experimental results show that our algorithm is an effective detection method.
Keywords/Search Tags: DDoS Attack Detection, K-means Algorithm, Dynamic Index, Subset Sampling, Adaptive Clustering Algorithm