Research On Attack Detection And Traceability Technology For WEB

In this era of prevailing networks,all walks of life are closely connected to the Internet,and services on the Internet have also increased.Under this trend,people's daily lives have become increasingly dependent on the Internet.At the same time,the WEB attack methods are also continuously developing and upgrading,posing a serious threat to the Internet.In common WEB attacks,WEB DDoS attacks have the characteristics of wide coverage,fast attack speed and high destructiveness,which can seriously damage the availability of target network or system resources in a short time.Therefore,the paper focuses on WEB DDoS attacks and related detection techniques,and conducts in-depth research on the traceability techniques of WEB attacks.With the advent of big data and high concurrency era,the detection scheme of traditional WEB application layer DDoS attack has gradually failed.And the detection rate of existing machine learning related detection methods needs to be improved.Aiming at this problem,the paper proposes a model combining spectral clustering and random forest to detect the DDoS attack of WEB application layer.In the training process,the model first uses the spectral clustering algorithm to cluster,and then applies the clustering results to the random forest for training;In the detection process,the detection data is first clustered to the cluster by the spectral clustering algorithm,then the random forest corresponding to the cluster is found,and finally the random forest is used to judge the abnormality of the flow.The paper compared with other existing method to verify the detection model has a lower false positive rate and a higher detection rate,and is more suitable for WEB application layer DDoS attack detection.While detecting and defending WEB attacks,the research of attack source tracing technology is more important.Only by finding a real attacker and analyzing their attack methods can we effectively defend or even eliminate WEB attacks.The traditional traceability method has the disadvantages of large storage overhead and complicated calculation process.Therefore,the paper proposes a FRIT(Fast Route Interface Traceback)based on router interface.This method marks the attack path by combining the router log record and the packet tag value.After the traceability request is initiated,the attack path is quickly and accurately reconstructed according to the tag value and the log information.Through comparison experiments,it is verified that the proposed scheme can complete the traceability task with only one data packet,which reduces the complexity of the traceability process and reduces the storage burden of the router while ensuring the accuracy of traceability.