
Research And Implementation Of DDoS Multi-source Situation Fusion System Based On Network Flow

Posted on: 2020-10-29
Degree: Master
Type: Thesis
Country: China
Candidate: W Guo
GTID: 2518305711499344
Subject: Software engineering

Abstract/Summary:
A Distributed Denial of Service (DDoS) attack is a destructive attack. DDoS attacks are very simple to operate and come in many different types, which makes detecting them inefficient. Therefore, how to protect the network from DDoS attacks has become an increasing concern, and there is an urgent need to improve detection efficiency and solve the fusion problem of multi-source situation information. At present, in academia, research on single-point detection methods for DDoS attacks is mainly carried out through internal service monitoring, external performance monitoring, physical equipment monitoring and so on. But without considering multi-source information fusion, a single-point detection method cannot sense the attack situation effectively. Enterprises usually use multi-dimensional data association analysis to judge the security situation of the whole network. There is not much research on multi-source situation information fusion for DDoS attacks, so it is difficult to provide effective defensive measures for victims. In this paper, the key technologies of information fusion for DDoS attacks are studied, and the research work is carried out as follows:

(1) The principle and influence of DDoS attacks are studied, and the common DDoS attack types are classified and summarized. Combined with the current development trend of DDoS, the characteristics of DDoS attacks are given based on network flow.

(2) Because it is difficult for a single feature to describe the overall network situation effectively, this paper combines the features of DDoS attacks and proposes a DDoS attack feature fusion model. By calculating the flow threat value, the vulnerability value and the flow weight, the situation of a network node is reflected, and the situation value of the node is calculated to represent the degree to which the node is affected. Then, the probability of the node being attacked is calculated by the Sigmoid function. Finally, validation with a Convolutional Neural Network (CNN) model shows that the method has a good detection effect and can reduce the non-response rate, the false positive rate and the total error rate.

(3) Aiming at the problem of evidence conflict in D-S evidence theory, an improved information fusion method based on D-S evidence theory is proposed. Firstly, network security situation information fusion and a variety of typical information fusion methods are analyzed, and the attack probability is obtained based on the DDoS attack feature fusion model. The synthesis formula of D-S evidence theory is improved according to this probability, and fusion results of the evidence that do not conflict are obtained. Finally, by combining the probability of the node being attacked with the improved D-S evidence theory, the network situation value is obtained, which is used to feed back the network status in real time.

(4) The DDoS attack multi-source situation information fusion system and its database are designed and implemented. The system consists of modules such as real-time monitoring, information fusion and situation visualization. The test results show that the system can effectively integrate the data of multiple nodes to improve the accuracy of detection, and that it has high stability and a certain degree of scalability.
Keywords/Search Tags: Distributed Denial of Service attack, information fusion, D-S evidence theory, situational fusion system
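
The abstract names the evidence-conflict problem in D-S evidence theory but gives no formulas. As an added illustration (not code from the thesis), the following uses the classical Dempster combination rule, not the thesis's improved rule, to fuse per-node attack probabilities obtained through a sigmoid and to report the conflict coefficient K. The node names, situation values, reliability discount and alert threshold are constructed assumptions.

```python
import math
from itertools import product

ATTACK, NORMAL = frozenset({"attack"}), frozenset({"normal"})
THETA = ATTACK | NORMAL  # whole frame: mass here means "this node cannot tell"

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

def node_mass(situation_value, reliability=0.9):
    """Map a node's situation value to a mass function (assumed mapping).
    The share (1 - reliability) is left on THETA as uncertainty."""
    p = sigmoid(situation_value)
    return {ATTACK: reliability * p, NORMAL: reliability * (1 - p),
            THETA: 1.0 - reliability}

def combine(m1, m2):
    """Classical Dempster's rule; returns (fused masses, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        both = a & b
        if both:
            fused[both] = fused.get(both, 0.0) + wa * wb
        else:
            conflict += wa * wb  # mass on contradictory hypotheses
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {s: w / (1.0 - conflict) for s, w in fused.items()}, conflict

def fuse_nodes(masses):
    """Fold the rule over all nodes and keep the largest K seen."""
    fused, worst = masses[0], 0.0
    for m in masses[1:]:
        fused, k = combine(fused, m)
        worst = max(worst, k)
    return fused, worst

# Constructed situation values: two nodes see an attack, one does not.
SAMPLE_NODES = {"edge-a": 2.2, "edge-b": 1.8, "core-c": -2.5}

if __name__ == "__main__":
    fused, worst = fuse_nodes([node_mass(v) for v in SAMPLE_NODES.values()])
    print(f"P(attack)={fused[ATTACK]:.3f} P(normal)={fused[NORMAL]:.3f} "
          f"unknown={fused[THETA]:.3f} max K={worst:.3f}")
    if worst > 0.5:  # assumed alert threshold for disagreeing sensors
        print("high conflict between nodes: treat the fused value with care")
```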