Research On DDoS Attack Detection Base On Similarity Coeffcient

The whole society has a great progress with the rapid development of networktechnology,at mean time,the issues of attendant network security has becomeincreasingly prominent，especially for DDoS attacks.Recently, almost all of thewell-known network attacks are related to DDoSattacks,which leads to their greatloss.Therefore, how to detect DDoS attacks sustainedly becomes the urgent problemin the field of network security.The network would be congested when the amount of user visit exceeds a certainnumber because of the network bandwidth or the hardware limitation of server. It willalso bring network congestion when DDoS attacks occur.How to distinguish thecauses of its congestion to prevent DDoS attacks,we conduct a thorough research andpropose the method of similarity coefficient algorithm to detect DDoS attacks. Themain work of this paper can be listed as follows.First of all， this paper brings an brief introduction about DoS and DDoSrespectively. Reasons that lead to denial of service attacks are discussed，and featuresof the various components of attack chain when DDoS attacks of server happens arealso analysed.Secondly， DDoS attacks are divided into four categories for research. and eachtype of attack has been studied by their features separately based on this basis. Afterthat， familiar DDoS attacks forms and defense methods are researched，such asphysical defense， application layer and network layer defense. At last，cleaningsolution flow which is widely used in cloud systems is described in detail.At last， this paper studies flow characteristics of DDoS attacks and normalnetwork congestion， and similarity coefficient algorithm is put forward according tothe difference. This algorithm is derived from the cosine similarity measure. It takesthe amount of data per unit time as a calculated item. Next，data values that is countedvia experiment with a threshold DDoS attacks is detected. This algorithm has beentested online and in real-time， especialy for plug-in attack detection.We make use of Loadrunner software simulate normal clients access to the server， LOIC software simulate DDoS attacks in experimental segment. As can beseen from the experiment results，DDoS attack detection accuracy has a graet lift withthe similarity coefficient algorithm，which laid the foundation for future researchwork in the field of DDoS attack detection.