Research On DDoS Attack Detection Method For Elastic Intelligent Network

With the continuous development of Internet technology and the continuous innovation of network hardware devices,network security issues have become increasingly serious,especially DDoS attacks.An elastic intelligent network project was launched to solve the problem that DDoS attacks are difficult to identify in real time with high accuracy and low energy consumption.At present,the detection methods of DDoS attacks mainly include statistical analysis and machine learning.These traditional detection methods strive to ensure the balance between real-time and accuracy,but ignore the resource occupation.They are difficult to meet the requirements of real-time,accuracy and resource occupation.To solve the above problems,this thesis proposes a DDoS attack detection method based on hardware and software collaboration for elastic intelligent network.This thesis mainly includes the following research contents:(1)An FPGA-based hardware layer feature extraction algorithm is proposed.The software and hardware architecture of the programmable device OpenBox is modified so that the feature values can be statistically calculated from the hardware layer using FPGA.A new "statistics" module and a new "split" module are added.The "statistics" module can collect feature values at the hardware level and store them in specified hardware registers.The "split" module can extract the packet header and send it to the software for further processing and analysis.And a hardware-software coordinated feature value extraction algorithm is proposed based on the above two hardware logic modules.The experimental results show that the proposed feature extraction method based on FPGA can extract feature values from the hardware layer without affecting the original performance.(2)A two-level DDoS attack detection method based on programmable device OpenBox is proposed.The method consists of two modules: hardware awareness and online recognition.The hardware awareness module is based on sliding window.Its main purpose is to monitor whether the entire network environment is relatively stable and there is no sudden traffic.After the hardware awareness module senses the network abnormality,the online recognition module is started.The online recognition module adopts machine learning technology,using SVM,C4.5 and Bayes Network algorithm for integrated learning and recognizing DDoS attacks in real time.The experimental results show that the real-time DDoS attack recognition algorithm based on OpenBox can accurately detect DDoS attacks in real time.(3)Based on the above method,a prototype system capable of demonstrating the performance of the DDoS attack detection method is designed and implemented.The overall framework of the prototype system is designed and described from the aspects of DDoS attack detection and user interface display.The system provides a userfriendly operation interface,and users can train the classifier model offline and update the classifier parameters by a web system.The prototype system can also be used to display the attack status of the whole network in real time,which makes the system have strong practicability.