Research And Implementation Of Ddos Attacks Detection On Cloud Environment

With the upgrading of computer information technology and increasing demand for cost-effective computing model of users,cloud computing with its dynamic nature,randomness and openness,stands out in many computing models as the most trusted and preferred computing mode of industry and users.Cloud computing is widely used in many aspects of life,including Internet,finance,entertainment,media and education sectors.It is invisible but represented everywhere,and it provides users with all the convenience.However,with the extensive development and application of cloud computing,cloud computing is now facing increasingly serious security challenges.Among all the challenges,distributed denial of service(also called DDoS)has become the most prominent security threat to cloud computing environment,due to its diverse mechanisms,huge scale and enormous losses of attack.In order to effectively detect DDoS against cloud computing and to prevent cloud from security threats,an algorithm of detecting DDoS based on conditional entropy is proposed.The algorithm,presenting the normalization model of the evaluation index with the help of AHP method,calculates and evaluates the effect of DDoS to VMs of cloud computing.Meanwhile,in order to decrease the false alarm rate,a conditional entropy based scheme is proposed to distinguish real victims of DDoS,with the help of dynamic threat zone adjustment mechanism.The innovations of the algorithm are:(1)It combines AHP and conditional entropy based DDoS detection where these two scheme complement each other,and brings a perfect solution to the challenge of distributed nature of cloud computing.(2)The algorithm can dynamically adjust itself to network condition,which reduce the false alarm rate detection and false negative rate.Finally,the thesis designs and implements DDoS detection system based on conditional entropy in cloud environment.The thesis introduces system module design,system architecture and deployment scheme in detail,and builds a private cloud as experimental environment.The validity of the system is fully verified by the analysis of experimental results.