
Application Of Data Mining Algorithms To Detect Distributed Denial Of Service Attacks

Posted on: 2016-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: B Li
GTID: 2348330470961416
Subject: Computer technology

Abstract/Summary:
As user demand has grown and science and technology have developed, computer performance and network bandwidth have improved greatly, and the effect of a conventional one-to-one DoS attack on a target system has become negligible. The distributed denial-of-service (DDoS) attack, as the development and upgrade of the DoS attack, has become the most threatening attack on the Internet in recent years. DDoS attack defense is now one of the most difficult security problems on the Internet, and DDoS attack detection is a very important part of that defense: the detection results directly affect the performance of the entire attack defense system.

First, we study the principle of DDoS attacks and the classification of attacks and of detection methods, then set out the definition of data mining and the related classical data mining algorithms. Based on the characteristics of DDoS attacks, we construct a DDoS attack detection model built on an improved data mining algorithm. This paper makes the following four contributions:

(1) We study and analyze DDoS attacks in depth and design a DDoS attack detection model based on a data mining algorithm. By combining traffic anomaly detection with a data mining algorithm, the model can detect DDoS attacks swiftly, automatically and accurately, and it can be deployed in any network environment.

(2) We combine an association algorithm and a clustering algorithm to process packets and produce an adaptive model that can detect DDoS attacks.

(3) We study and analyze two data mining algorithms, the Apriori algorithm and the K-means algorithm, and then analyze the advantages and disadvantages of K-means. The K-means algorithm has two shortcomings: the number of clusters k must be determined in advance, and the algorithm depends on the selection of the initial cluster centers. To overcome these shortcomings, we propose an improved K-means algorithm with two main parts: clustering optimization based on a distance value function, and selection of the initial centers based on high density.

(4) We add the improved K-means clustering algorithm to the DDoS attack detection model.

Finally, comparing and analyzing the experimental results of simulated attack tests on the model shows that the improved K-means algorithm increases accuracy and gives superior detection performance.
Keywords/Search Tags:Distributed Denial of Service attacks, data mining, clustering algorithm, Attack detection