Research On Key Technology Of DDoS Attack Detection Based On Time Series Prediction

Posted on: 2019-06-12
Degree: Master
Type: Thesis
Country: China
Candidate: J H Zhou
GTID: 2428330545993638
Subject: Computer Science and Technology

Abstract/Summary:
Distributed denial of service (DDoS) attacks, which are favored by hackers because they are simple and effective, have become the most dangerous cyber attacks. Although many scholars have devoted themselves to DDoS attack detection in network security research, new network technologies and environments such as the Internet of Things, big data and cloud computing have made DDoS attack methods increasingly complex and diverse, leaving current DDoS attack detection methods with poor real-time performance and robustness and with high non-response and false positive rates. Research on DDoS attack detection methods therefore has great research value and wide application prospects. This paper focuses on the main problems of existing DDoS attack detection methods and carries out research on DDoS attack detection. The specific research work is as follows:

1. This paper first analyzes the current situation and development trend of DDoS attacks, then classifies several typical DDoS attack types. Given that current DDoS attack methods are complicated and diversified, and taking into account the new features in the development of current DDoS attacks, this paper summarizes the characteristics of current DDoS attacks, classified by the TCP, UDP and ICMP protocols respectively.

2. Existing DDoS attack detection methods still detect only a single attack type, produce lagging detection results, and have high non-response and false positive rates. To address these shortcomings, this paper proposes a DDoS attack detection method based on time series prediction of a multi-protocol fusion feature. We define a multi-protocol-fusion feature (MPFF) to characterize normal network flow. We then use the Autoregressive Integrated Moving Average (ARIMA) time series model to formally describe the MPFF sequence, which is subsequently used in network flow forecasting and error calculation. Finally, we present a detection model with error correction based on the MPFF time series (FMTS) to identify DDoS attacks.

3. The FMTS attack detection method still has some shortcomings, such as a threshold that depends on empirical values and cannot adapt dynamically. We therefore propose a dynamic adaptive threshold method based on the Markov chain (DATMC). The method first analyzes the correlation of the MPFF sequence, then determines the order of the Markov model from the calculated correlation, establishes the Markov model and forecasts the next threshold, and finally sets the threshold of the FMTS attack detection model dynamically to identify DDoS attacks.

Theoretical analysis and experimental results show that the FMTS attack detection method can detect multiple types of DDoS attacks, can detect DDoS attacks early, and has lower non-response and false alarm rates. At the same time, the DATMC method proposed in this paper achieves dynamic self-adaptation of the threshold value and further improves the detection rate of the FMTS attack detection method, giving better real-time performance and robustness than similar methods.
Keywords/Search Tags: DDoS attack, time series prediction, Dynamic and static combination prediction of ARIMA, Fourier error correction, Markov chain