
The DDoS Attack With Learning Ability And The Research On The Detection Algorithm

Posted on: 2021-01-15
Degree: Master
Type: Thesis
Country: China
Candidate: R Q Li
GTID: 2428330626955897
Subject: Information and Communication Engineering

Abstract/Summary:
A distributed denial of service (DDoS) attack is a type of attack in which an attacker controls a large number of zombies to launch attacks on one or more targets simultaneously, consuming the targets' server resources and network bandwidth so that the target hosts cannot process and respond to the requests of ordinary users. In recent years, DDoS attacks have become one of the most serious threats in network security because of their high frequency and increasing intensity. In particular, with the development of artificial intelligence technology, DDoS attacks are becoming more and more intelligent and show many characteristics that differ from traditional DDoS attacks, so conventional detection ideas and methods are no longer applicable. It is therefore of great significance for maintaining network security to develop an attack detection method for intelligent DDoS attack scenarios. This dissertation focuses on this new type of DDoS attack and carries out theoretical analysis, method research and simulation verification. The main innovations are as follows.

1. To study intelligent DDoS attacks, a DDoS attack model with learning ability is introduced and implemented with reference to the relevant research literature. Zombies in the DDoS attack with learning ability construct attack traffic by imitating the characteristics of normal user traffic in the network, thereby improving the concealment of the attack traffic.

2. A sliding-window-based DDoS attack detection algorithm for the DDoS attack with learning ability is proposed. Based on analysis of the attack mechanism, traffic volume and the number of repeat messages are used as the features for detecting this attack. According to the changes in traffic volume and the number of repeat messages within a suitable amount of time before detecting the attack, the Chebyshev inequality with double variance is used as the threshold to detect DDoS attacks in the network.

3. Identifying the zombies in the network is very important for attack defense and mitigation when a DDoS attack occurs, so a zombie host identification algorithm based on information disturbance is proposed. Zombies can be identified by the idea of disturbance before detection. In addition to the selection of message fields and of the values in those fields when constructing the disturbance message, the optimal transmission rate of the disturbance message is obtained. Zombies in the network can then be identified according to the detection threshold.

Furthermore, the DDoS attack detection algorithm and the botnet identification algorithm have been verified in the test environment built in this dissertation. The results show that the proposed DDoS attack detection algorithm can detect DDoS attacks of different intensity with an accuracy of 88.37%, and that the proposed botnet identification algorithm can effectively identify zombies under different accuracy requirements regardless of the scale of the network.
Keywords/Search Tags:DDoS, DDoS detection, botnet identification, feature selection
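
The sliding-window detection idea in item 2 of the abstract can be sketched as follows. This is an added example, not code from the thesis: the class and function names, the window length, the `min_sigma` floor, the reading of "double variance" as a band of two standard deviations around the window mean, and the sample data are all assumptions.

```python
from collections import deque
from statistics import mean, pstdev

FEATURES = ("volume", "repeats")


class SlidingWindowDetector:
    """Flag an interval when a feature leaves mean +/- k*sigma of the window.

    Chebyshev: for any distribution, P(|X - mu| >= k*sigma) <= 1/k^2.
    Reading the abstract's "double variance" as k = 2 is an assumption.
    """

    def __init__(self, window=10, k=2.0, min_sigma=1.0):
        self.k = k
        self.min_sigma = min_sigma  # assumed floor for a perfectly flat baseline
        self.history = {f: deque(maxlen=window) for f in FEATURES}

    def observe(self, volume, repeats):
        """Return the features that breached their threshold in this interval."""
        sample = {"volume": volume, "repeats": repeats}
        breached = []
        for name in FEATURES:
            hist = self.history[name]
            if len(hist) < hist.maxlen:
                continue  # still building the baseline
            sigma = max(pstdev(hist), self.min_sigma)
            if abs(sample[name] - mean(hist)) > self.k * sigma:
                breached.append(name)
        if not breached:
            # Only clean intervals extend the baseline, so attack traffic
            # cannot drag the threshold upward.
            for name in FEATURES:
                self.history[name].append(sample[name])
        return breached


def detect(intervals, **kwargs):
    """Run the detector over (volume, repeats) pairs; return [(index, features)]."""
    detector = SlidingWindowDetector(**kwargs)
    hits = ((i, detector.observe(v, r)) for i, (v, r) in enumerate(intervals))
    return [(i, breached) for i, breached in hits if breached]


# Constructed sample: (messages, repeated messages) per interval.
SAMPLE = list(zip(
    [100, 104, 98, 101, 97, 103, 99, 102, 100, 96, 101, 99, 180, 210, 100],
    [3, 4, 2, 3, 5, 3, 4, 2, 3, 4, 3, 4, 3, 25, 30],
))
```

In the constructed data the last interval has a normal traffic volume but an abnormal repeat count, which is the case where a second feature matters against traffic that imitates normal volume.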