Adaptive Real-time DDoS Detection And Defense Technology Based On Spark Streaming

Distributed denial of service(DDoS)attack is an important security threat to the Internet.With the continuous expansion of the scale of Internet and the continuous improvement of network bandwidth,the traffic flow of network DDoS attacks also increases.Huge network tra ffic to network security detection equipment and technology has brought unprecedented pressure,and the traditional single server has been unable to meet the requirements of real-time large data throughput,in recent years,research on large data processing technology and platform in academic and industrial field is very hot,large data processing platform Spark was born into large flow of real-time DDoS attack detection and defense,with the help of computer cluster resource use Spark big data processing platform and technical means,can effectively so lve the computational bottleneck problem.On the basis of in-depth analysis of various DDoS detection and defense methods,this paper proposes an adaptive real-time DDoS attack detection method based on source cluster feature statistics,and designs a DDoS attack defense strategy based on packet filtering.By grouping the source clusters of sliding window,and compare with maximum deviation of source cluster proportion in each group and threshold,then detect DDoS attack traffic.When detecting the DDoS attack traffic in the network flow,the DDoS attack traffic is filtered according to the packet filtering strategy.Based on the large data stream processing framework Streaming Spark,this paper designs an adaptive real-time DDoS attack detection and defense framework based on large data stream processing.The adaptive real-time DDoS detection method based on cluster feature statistics and the DDoS attack defense strategy based on packet filtering that proposed in this paper are implemented on the big data processing platform.The framework consists of message middleware module Kafka,detection module and defense module based on spark streaming,through sensing network traffic in real time and maximum flow bandwidth threshold,realized the adaptive and fast detection and effective response to DDoS attack.Experimental results show that the proposed method can greatly improve the detection capability,and guarantee the network service can be accessed by the legitimate users,and provide a feasible solution for the security of the network service performance and security detection.