
Research On DDoS Attack Detection Based On Traffic Similarity

Posted on: 2019-08-05
Degree: Master
Type: Thesis
Country: China
Candidate: Z M Wang
GTID: 2428330548991220
Subject: Computer application technology
Abstract/Summary:
Intrusion detection includes misuse detection and anomaly detection. As machine learning and data mining technologies are integrated with anomaly detection, anomaly detection will play a more important role in the future. Intrusion detection technology based on traffic similarity is an important part of anomaly detection. In traditional traffic-similarity-based detection, the anomaly detection threshold is set to a fixed value, which severely reduces the detection rate. In addition, the geometric growth of redundant data and noise in the network environment poses new challenges to traditional machine learning algorithms such as neural networks, support vector machines and ant colony algorithms. Reducing the dimensionality of network traffic makes it possible to find the most essential factors among many feature sets and to eliminate redundant data. However, single-threaded tasks based on shallow machine learning can no longer meet the multi-task learning requirements of intelligent data analysis and forecasting. The DDoS attack detection strategy based on dynamic threshold wavelet analysis, and the DDoS attack detection strategy based on a deep belief network and dynamic threshold wavelet analysis, therefore have important theoretical and practical significance.

To address the problems that unreasonable threshold settings cause in traditional traffic-similarity-based intrusion detection models, this thesis proposes a DDoS attack detection method based on Dynamic Threshold Wavelet Analysis (DT-WA). The automatic update mechanism of the threshold solves the problem of a low detection rate and a high false alarm rate caused by an unreasonable threshold setting during model initialization. The Hurst parameter is used as the only parameter for judging flow similarity. In this thesis, wavelet analysis is selected as the method for calculating the Hurst parameter after comparing several popular parameter estimation methods. Finally, the effectiveness and superiority of the proposed DDoS attack detection method based on wavelet analysis with a dynamic threshold are verified by comparing the experiments in the third chapter of this thesis with similar experiments.

To address the inadequate preprocessing of complex, real network traffic in traffic-similarity-based intrusion detection methods, this thesis proposes a wavelet analysis detection strategy based on a deep belief network (DBN). The strategy includes a preprocessing module, a DBN training module and a wavelet analysis detection module based on a dynamic threshold. First, the preprocessing module and the DBN training module effectively reduce the dimensionality of complex and variable network background traffic. Then the DDoS attack detection method based on wavelet analysis with a dynamic threshold proposed in Chapter 3 is used to detect the traffic in the next step. Comparison between the experiments in this thesis and similar experiments shows that dimensionality reduction of network traffic based on a deep belief network can effectively remove the redundant information of background traffic and improve the detection rate of wavelet analysis based on traffic similarity.
Keywords/Search Tags: Abnormal flow detection, Self-similarity, Wavelet analysis, Deep belief network
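The sketch below illustrates the idea the abstract describes: a wavelet-based Hurst estimate per traffic window, checked against a threshold that updates itself. It is an added example and not code from the thesis. The abstract does not give the thesis's update rule, so the EWMA band with a floor, all constants, the Haar wavelet, the synthetic traffic generator `synth` and the uncorrelated-flood model are assumptions made here.

```python
import math, random

def hurst_wavelet(x):
    """Haar-wavelet Hurst estimate: weighted fit of log2(detail energy) against octave j."""
    a, pts, j = list(x), [], 1
    while len(a) >= 8:                       # keep at least 4 coefficients per octave
        pairs = list(zip(a[0::2], a[1::2]))
        d = [(p - q) / math.sqrt(2) for p, q in pairs]
        a = [(p + q) / math.sqrt(2) for p, q in pairs]
        # log2 raises ValueError on an all-zero octave (a flat series has no defined H)
        pts.append((j, len(d), math.log2(sum(c * c for c in d) / len(d))))
        j += 1
    w = sum(n for _, n, _ in pts)
    jm = sum(n * j for j, n, _ in pts) / w
    ym = sum(n * y for _, n, y in pts) / w
    slope = (sum(n * (j - jm) * (y - ym) for j, n, y in pts)
             / sum(n * (j - jm) ** 2 for j, n, _ in pts))
    return (slope + 1) / 2                   # detail energy grows as 2**(j*(2H-1))

def synth(n, H, rng):
    """Constructed input: inverse Haar transform with detail variance 2**(j*(2H-1))."""
    levels, a = int(math.log2(n)), [0.0]
    for j in range(levels, 0, -1):           # coarsest octave first
        s = 2 ** (j * (2 * H - 1) / 2)
        a = [v for ai in a for di in [rng.gauss(0, s)]
             for v in ((ai + di) / math.sqrt(2), (ai - di) / math.sqrt(2))]
    return a

def detect(hs, warmup=8, k=4.0, floor=0.1, alpha=0.1):
    """Assumed dynamic threshold: mean +/- max(k*std, floor), re-learned from clean windows."""
    mean = sum(hs[:warmup]) / warmup
    var = sum((h - mean) ** 2 for h in hs[:warmup]) / (warmup - 1)
    alerts = []
    for i in range(warmup, len(hs)):
        diff = hs[i] - mean
        if abs(diff) > max(k * math.sqrt(var), floor):
            alerts.append(i)                 # anomalous window: excluded from the update
        else:
            mean += alpha * diff             # EWMA update of the baseline
            var = (1 - alpha) * (var + alpha * diff * diff)
    return alerts

def demo(seed=7, n=4096, windows=20, attack=(14, 15, 16)):
    """Constructed traffic: H=0.8 background; attack windows add an uncorrelated flood."""
    rng, hs = random.Random(seed), []
    for i in range(windows):
        sigma = 8.0 if i in attack else 0.0  # flood strength (constructed value)
        hs.append(hurst_wavelet([v + rng.gauss(0, sigma) for v in synth(n, 0.8, rng)]))
    return hs, detect(hs)
```

`demo()` returns the per-window Hurst estimates and the indices of the windows flagged by the adaptive band.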