A DDoS Detection Model Based On Improved Cultural Algorithm

The Internet has become an indispensable part of modern life, however, with therapid development and widespread usage of network technology, the challenge ofinternet safe problem also becomes more and more serious. Distributed denial ofservice (DDoS) attack, is one of the most important attack types which threat theavailability of internet. Over the past decade, the rapid growth of DDoS attacks havecaused serious damage, so the detection work of DDoS attacks becoming more andmore important and urgent. This paper design a new DDoS detection model based ondouble-population space cultural algorithm clustering analysis, and the main work ofthis paper as follows:(1) Profiled the principle of DDoS attack and its classification. After reading alot of literature and report, summed up the current DDoS attacks’ situation, impactand trends. And also, introduced current research work of DDoS attacks,respectively, from the detection mode and deployment location of the detectionalgorithms, introduced a variety of detections method and analyzed their advantagesand disadvantages. Especially focuses on a DDoS detection technology based on softcomputing which very novel and popular currently.(2) An improved cultural algorithm based on double-population space (DPCA) isproposed. Each population space in this mechanism can evolve by its own affectfunction and their can exchange useful knowledge and experience with each other also.There evaluation results show that the proposed algorithm has superior performanceto the primary cultural algorithms in terms of accuracy and convergence speed. Andthen, this paper proposed a new cluster analysis algorithm based on this improvedcultural algorithm.(3) Analyzed current DDoS detection models which based on cluster analysis,proposed a novel DDoS detection model based on new cultural-cluster algorithm. Themain idea of this detection model is capture primary network packets from real timetraffic, then compute the entropy value of particular packet properties, called "trafficfeature". After using cultural-cluster to analyze this dataset and get "normal trafficmode", the detection model can use it to detect real time traffic automatically.Simulating experiment shows it can works with high accuracy and low erroneouswarning.