
The Research And Design Of Detection System For DDOS Attack Based On Information Entropy

Posted on: 2018-09-17
Degree: Master
Type: Thesis
Country: China
Candidate: L Xu
Full Text: PDF
GTID: 2348330542959535
Subject: Software engineering

Abstract/Summary:
The distributed denial of service (DDOS) attack is developed from the denial of service (DOS) attack. The attacker controls multiple network machines at the same time to send a large number of fake messages in order to excessively consume network bandwidth or the target's resources, so that the target machine cannot provide services for normal network requests. According to statistics, DDOS attacks on the Internet have shown a growing trend in recent years, and the Internet security situation is increasingly grim. The detection accuracy and timeliness of existing DDOS attack detection systems are unable to meet the needs of enterprises. Therefore, it is urgent to establish a DDOS attack detection system with high detection efficiency and reliable detection results.

The problem with current DDOS attack detection methods is low accuracy and timeliness. The detection system designed in this paper therefore uses the Sketch structure to compress and store destination IP addresses. A third Sketch structure is then designed to store the difference values between adjacent intervals in order to improve detection accuracy. An information entropy algorithm is used to calculate the entropy, which is compared with an entropy threshold to judge whether there is a DDOS attack. The algorithm is simple and fast to compute, so the timeliness of detection is improved and enough reaction time is ensured for the victims.

To test the system, this paper uses the CORE system as the experimental platform. At the same time, the open source DDOS attack software TFN2K is modified. This tool can control the sending rate of attack packets and the peak rate of a predetermined time. To simulate the real traffic of a network environment, the background traffic is programmed as the normal traffic, which improves the authenticity of the test environment. Experimental analysis shows that the system can detect, in a timely and accurate manner, whether a DDOS attack exists in the network, and that it can meet the demands of real-time application.
Keywords/Search Tags: DDOS Attack, Sketch Matrix, Information Entropy, Background Traffic
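
The detection flow described in the abstract (two interval sketches of destination IPs, a third sketch of their difference, and an entropy check against a threshold), as an added example that is not code from the thesis. The sketch dimensions, the SHA-256 bucketing, the 0.6 threshold, the "alert when entropy falls below the threshold" direction and the sample traffic are all assumptions made for illustration.

```python
import hashlib
import math
import random

ROWS, BUCKETS = 3, 32   # assumed sketch dimensions
THRESHOLD = 0.6         # assumed threshold on normalized entropy

def build_sketch(dst_ips):
    """Compress one interval's destination IPs into a ROWS x BUCKETS counter matrix."""
    sketch = [[0] * BUCKETS for _ in range(ROWS)]
    for ip in dst_ips:
        for row in range(ROWS):
            # A per-row salt gives each row an independent hash function.
            digest = hashlib.sha256(f"{row}:{ip}".encode()).digest()
            sketch[row][int.from_bytes(digest[:4], "big") % BUCKETS] += 1
    return sketch

def diff_sketch(prev, curr):
    """Third sketch: per-cell absolute change between two adjacent intervals."""
    return [[abs(c - p) for p, c in zip(pr, cr)] for pr, cr in zip(prev, curr)]

def normalized_entropy(counts):
    """Shannon entropy of one sketch row, scaled to [0, 1]."""
    total = sum(counts)
    if total == 0:
        return 1.0  # identical intervals: no change to concentrate, so no alert
    h = -sum(c / total * math.log2(c / total) for c in counts if c)
    return h / math.log2(len(counts))

def detect(prev_ips, curr_ips):
    """Return (mean row entropy of the difference sketch, alert flag)."""
    rows = diff_sketch(build_sketch(prev_ips), build_sketch(curr_ips))
    entropy = sum(normalized_entropy(r) for r in rows) / len(rows)
    # Assumption: a flood toward one destination concentrates the change in
    # one bucket per row, so the alert fires when entropy drops below threshold.
    return entropy, entropy < THRESHOLD

# Constructed sample traffic (RFC 5737 documentation addresses, fixed seed).
rng = random.Random(7)
HOSTS = [f"192.0.2.{i}" for i in range(1, 201)]
NORMAL_A = [rng.choice(HOSTS) for _ in range(2000)]
NORMAL_B = [rng.choice(HOSTS) for _ in range(2000)]
ATTACK = NORMAL_B + ["192.0.2.10"] * 6000   # flood toward a single destination

if __name__ == "__main__":
    print("normal -> normal:", detect(NORMAL_A, NORMAL_B))
    print("normal -> attack:", detect(NORMAL_A, ATTACK))
```

Because only fixed-size counter matrices are kept per interval, memory use does not grow with the number of distinct destination addresses seen.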