The Study Of DDoS Attack Detection And The Designing Of The Package Filtering System

Posted on: 2014-02-01
Degree: Master
Type: Thesis
Country: China
Candidate: L Fu
Full Text: PDF
GTID: 2248330398472224
Subject: Electronic Science and Technology
Abstract/Summary:
DDoS attacks have become one of the main network security problems because they are simple to launch, destructive, and difficult to trace. Researchers at home and abroad have studied methods for detecting DDoS attacks in order to reduce the economic loss. Many researchers have proposed methods based on the statistics of a specific feature of the network streams, setting a threshold to determine whether a stream is attack or normal traffic. Such methods have limitations in detecting streams. With the development of machine learning research, more and more detection models based on machine learning have been proposed, but many problems remain to be resolved.

This article studied several machine learning methods and compared their detection principles and performance; the tests show that the model based on SVM performs very well in both missing report rate and false alarm rate. This article mainly discusses the SVM detection model and focuses on the study of the training algorithms, on the basis of which an optimized approach to feature selection is proposed. Furthermore, in the testing chapter, tests on real network data show that the optimized method performs better in training time complexity and detection accuracy. To estimate more precisely the performance of a feature in classifying the streams, a feature selection evaluation model with adjusting factors is proposed in this article, which is more flexible in the instance training of the SVM model.

For DDoS attack defense strategy in a large-scale network, this paper proposes a distributed defense system, DIPS, which consists of controlling nodes and several different function nodes. Under the supervision of the controlling node and the network manager, the DIPS nodes are distributed in different locations of the network and cooperate with other nodes to defend against DDoS attacks. A comparison of DIPS with other defense systems has been made. Finally, the article implements the main data structures of the DIPS system.

This paper optimized the feature selection method of the classification model, which enhanced the accuracy of the SVM-based classifier in a small range; the design of the DIPS system has theoretical value for the deployment of distributed DDoS attack defense systems.
Keywords/Search Tags: DDoS attack, Machine Learning, SVM, Feature Selection, IPS