Design And Implementation Of DDoS Defense Mechanism Based On Machine Learning In Smart Identifier Network

With the continuous expansion of the scale of applications,the original design ideas of the traditional Internet have been exposing many serious drawbacks.And it is difficult to meet the urgent needs such as 'intelligence ','high efficiency' and 'safety' of the future network.The Smart Identifier Network(SINET),which is characterized by "two domains","three layers" and "three mappings",breaks through and effectively solves the the challenges of the future Internet system and mechanism.As a developing network system,its network security is an important issue that remains to be solved.This paper designs and implements a Distributed Denial of Service(DDoS)defense mechanism that based on the component synergy mechanism of SINET.It realizes the attack detection and defense of DDoS in SINET.This paper consists of following parts:First of all,we analyze the status and needs of Internet network system and the development of network security development.Also,the summaries of the research status of network system and security in the whole field are provided.Then we expound the architecture and operating mechanism of SINET.And introduce the attack process and the principle of detection and defense technology briefly.So that we can see the meaning of researching on designing the attack defense mechanism of DDoS under the SINET.Secondly,in terms of the attack detection and defense mechanism of DDoS in SINET,we make the demand analysis and overall scheme design.The design is based on the detection solution of DDoS which contains the Support Vector Machine.Subsequently,we introduce the detection solution of DDoS which is based on controller scheduling.Thirdly,we achieve the overall mechanism of attack and defense of DDoS in SINET,including the optimization of the Support Vector Machine,the determination of the detection period,the extraction of the traffic characteristics and the establishment of the source ID blacklist in the detection module.We also achieve the triggering of the defense mechanism in the defense module,the construction of forwarding queue of the forwarder and the redistribution of forwarding capability of the forwarder.At last,we test the attack defense mechanism of DDoS in the SINET step by step.We compare and test the influence of each part before and after optimization on the performance of Support Vector Machine,and verify the rationality of detection period.Then we compare the performance of Support Vector Machine,decision tree and neural network in our experimental environment.The defense effect of controller scheduling is also tested.Finally,we draw a conclusion that the design and implementation of attack defense mechanism of DDoS in SINET in this paper can effectively defend against the DDoS attack in SINET.This paper implements the attack defense mechanism of DDoS in SINET,which provides reference for the further research and deployment of the subsequent security strategy in SINET.