The Research On Detection Method Of Application Layer DDoS Based On Clustering Algorithm

Nowadays,with the development of internet,application of informatization and Internet+ making moblile Interner has gone deeply into every aspect of people’s life.In the meantime, the network security threats are also emerge in endlessly, more and more complex, more and more difficult to detect. Distributed Denial of Service attacks is a major security threat affecting Internet security. For the traditional DDo S, mainly base on the network layer and transport layer, has been increasingly mature network security products can be effective defense, while the computer working mode to interact more and more through the Web, which led to the development of the Application layer DDo S. Application layer DDo S has destructive attack,attack are becoming more secretive and totally indistinguishable with normal users on flow characteristics,it makes Application layer DDo S become one of the most serious threatsAt first, the theies analyzes and summarizes the Network layer DDo S and Application principle of DDo S attack, summing up the differences between attack features:The requests of Application principle of DDo S are legitimate HTTP request packets,date traffic is much smaller than Network layer DDo S.According to the problem of traditional detection application principle of DDo S cannot be detected. Baseed on differences of behavior between the normal user and attack d in the Web access, this paper analyzes the application layer DDo S attack behavior characteristics. According the differences in Point of interest time of access hits and page jump sequence,using three vector and a matrixis to be a modle of user Web access behavior.Define the similarity of different users accesss behavior,like abstract space distance.Secondly, the theies designs a detection model of Application principle of DDo S based on Particle Swarm optimizing Clustering Aglorithm.Using the Date of the Web Accsss behavior model in this detection model. At first, pretreating the Web blog,calculating the similarity function between Session.Senting the date into design module of K-means algorithm based on Particle Swarm optimizing to clustering.Than compare the results with the K-means algorithm’s based on genetic algorithm optimizing and K-means algorithm’s based on Ant Colony algorithm optimizing.The results show the K-means algorithm based on Particle Swarm optimizing has a significant advantage in clustering result and the convergence rate.In the practical experiment of PSOK-means.There is a problems which is clustering result is not efficient.Analysis the reason is the PSOK-means algorithm in a local optimum probably, which can not find the global best solution.Then,the paper propose a K-means algorithm based on Adaptive Particle Swarm optimizing(APSOK-means), and using this algorithm in the detection model. The experiment results show that the APSOK-means can solve the problem of particles in local best and the convergence rate has slightly improved.