
Research And Implementation Of DDoS Detection Based On Machine Learning In Distributed Environment

Posted on: 2019-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: M Tan
Full Text: PDF
GTID: 2348330542498709
Subject: Information security
Abstract/Summary:
Distributed denial of service attacks, also known as DDoS, have appeared since the 1990s and still seriously affect the security of the Internet. The attack principle is that, by controlling a large number of zombie hosts, large amounts of useless packets are sent to an organization or a company to consume its bandwidth and system resources. These packets eventually leave the organization or company unable to provide normal service and carry out its work. There are already some ways to detect DDoS attacks. However, due to the huge traffic and the diversified means of DDoS, there is currently no detection strategy that is completely effective.

Based on a large body of domestic and foreign research, this paper proposes a method for DDoS detection based on machine learning. According to the protocol type, DDoS can be classified into three types: ICMP attacks, UDP attacks and TCP attacks. In this paper, we compared DDoS packets with normal packets and identified the features used for DDoS detection. Using these features as input to train a BP neural network, a DDoS attack detection model can be generated to detect DDoS attacks. Because the initial parameters of a BP neural network cannot be determined during training, the results of DDoS detection are unsatisfactory. In this paper, we study Glowworm Swarm Optimization (GSO), use pattern search and boundary mutation to optimize GSO, and finally propose an algorithm named BM-HJ-GSO. Using BM-HJ-GSO, the initial parameters of the BP neural network can be found before the network is trained. Experiments show that BM-HJ-GSO can effectively improve the training accuracy of the BP neural network and the accuracy of DDoS detection.

A huge number of packets is a major feature of DDoS. In order to deal with large-scale packet data, this paper designs a DDoS detection system based on the distributed storage system HDFS and the distributed computing architecture Spark. The system has two major advantages. First, the system uses distributed technology. Because distributed technology makes full use of the cluster, the system can handle the analysis of large-scale DDoS packets. Second, this paper gives a parallel version of the neural network training algorithm based on the BM-HJ-GSO proposed earlier in the paper. The parallel algorithm allows the BP neural network to be trained in a distributed manner on the detection system, and the training speed is greatly improved compared with the stand-alone mode. When a new type of DDoS occurs, the BP neural network can be trained and updated in the system at any time. Experiments show that the proposed DDoS detection method and system have a good effect on a variety of popular DDoS attacks. The attack recognition rate is above 95%. Therefore, this research has certain guiding significance.
Keywords/Search Tags:DDoS detection, big data technology, machine learning, swarm intelligence algorithm