Research And Application Of DDoS Attack Detection Technology Based On Hadoop And SVM

DDoS (Distributed Denial of Service) attack is a kind of attack which controls large numbers of computers (we call the puppet machine) through senting large amount of resource requests to occupy application resources, network bandwidth resources and system resources. The aim of the attack is to undermine the usability of computer system and network, and recently it is one of the most important factors threatening the security of the Internet. There are some mature single DDoS attack detection technologies, but because of the limit of the detection ability of a single computer or server, the existing DDoS attack detection technologies have been difficult to detect DDoS attacks in large-scale LAN effectively.Hadoop cloud platform effective integrated a large number of storage and computing resources,through a variety of computers in a cluster parallel operation,high-speed computing and storage. Based on SVM algorithm which performs better in the detection of DDoS attacks of stand-alone environment combined with Hadoop cloud platform analysis and high-speed computing ability and strong storage capacity,can solve the problem of detecting large LAN DDoS attacks effectively.Firstly,this dissertation classified the types of DDoS attacks on the basis of studying the principles of DDoS attacks, then studied the related technologies of Hadoop and single SVM algorithm, meanwhile extended the SVM algorithm to the Hadoop cloud platform, and designed the parallel distributed SVM algorithm based on Hadoop. The algorithm based on training samples in the reasonable block, set reasonable cascading stop conditions as well as custom MapReduce processes during cascading training. It solveed the problem that the training sample was randomly distributed,which leads to the inaccurate classifier or the extreme situation of the classifier, meanwhile the training samples was divided into small sample blocks to solve the problem of rehash in the process of and other issues. Because of the full analysis ability and strong ability of high speed calculation the algorithm could ensure the accuracy of the training and improve learning efficiency. This dissertation also proposed the DDBHS (DDoS Attack Detection Based on Hadoop and SVM)system concept, using parallel distributed SVM algorithm based on Hadoop cloud platform to learn and detect DDoS attacks. By setting up an attack detection alliance,the control nodes could control the training of learning nodes and the status and responsibility transformation of attack detection nodes. While improving the detection efficiency, the system resources are effectively utilized.In this dissertation, the DDBHS system was realized and applied to the DDoS attack detection in the actual environment. The results showed that the DDBHS system designed and implemented in this dissertation has high efficiency and accuracy for DDoS attacks.