Research On Intelligent Detection Method And Defense Mechanism Of DoS Attack In IP Network

With the popularization of network technology,the means and methods of network attack emerge in endlessly.In 2010,DDoS attack exceeded 453.8Gbps for the first time,Arbor Networks reported in Global annual report on Internet infrastructure security.And because DoS attack is easy to implement and hard to guard against,so it has become one of the most difficult network security problems.Therefore,the detection and defense technology of DoS attack has become the research hotspot in the field of network security.Based on the analysis of existing intrusion detection algorithms and defense schemes,this paper presents an intelligent detection/defense system based on BPNN and game theory for DoS attack.The main research contents are as follows:Firstly,this paper tentatively selected multiple features which are capable of recognizing DoS attack efficiently according to the correlation between types of data and features and characteristics of DoS attacks.Based on this,a complete feature set and two simplified feature sets are set up.And then,a reasonable BP neural network(BPNN)DoS attack detection model was designed through large-scale training and testing,and the detection accuracy improved to 99.927% while considering the other attacks and using 7-tuples simplified feature set.Then,I did a further analysis through game theory for DoS data which not recognized by BP detection model.In proposed game defense model,the defense strategy can be adjusted dynamically according to the real-time situation of the system and further distinguish the possible remained DoS attack sources.And the detection rate increased 99.993%.In the overall system,this paper proposed two key parameters in the defense scheme,e(evaluation coefficient)and JR(normal traffic judgment rate),which are based on BPNN detection model.And they not only play a role in linking evaluation and dynamic adjustment of defense schemes,but also become a bridge between detection model and defense model.The two parameters make the whole system scheme complete and unified.