Design And Implementation Of DDoS Attack Warning System Based On LSTM

Distributed Denial of Service(DDoS)attack is a simpler way to attack,and it is very destructive.Therefore,it is also the way that attackers often choose.Although research scholars have carried out some research on DDoS attack warning,with the continuous change of the DDoS attack methods,the existing DDoS attack early warning methods have problems of lagging,resulting in early warnings is not timely,making prevention more difficult.In this paper,the existing problems of DDoS attack warning are analyzed and studied,and the DDoS attack warning is implemented based on LSTM neural network model.The specific research work of this paper is as follows:1.In this paper,the DDoS attack principle is deeply studied.Several typical DDoS attack methods are analyzed in detail.According to the research and analysis results,the development trend and attack characteristics of DDoS attacks are summarized.2.In this paper,a DDoS attack detection method based on Long-Short-Term Memory(LSTM)network traffic prediction model is proposed for the delay of DDoS attack detection and false positives.By analyzing the characteristics of normal network traffic,defining the IP-Data-Counts Feature(IPDCF)to characterize the network flow,training the LSTM neural network based on the IPDCF sequence,a prediction model is established,and it predicts the flow,and then the prediction result is compared with a preset threshold to identify the DDoS attack.Experimental results show that this method can identify DDoS attacks more accurately,and the false positive rate and false negative rate are lower.3.In this paper,for the setting method of DDoS attack warning threshold,there are some shortcomings such as static and single.A DDoS attack warning model based on dynamic adaptive threshold is proposed.The logical structure of the DDoS attack situation warning model is designed,and the regional Security-Vulnerabilities-Factor(SVF)is defined.Then,based on the prediction result of the LSTM network traffic prediction model and the regional SVF,the threshold is dynamically adaptively set,and the warning level interval is defined based on the threshold to determine the degree of the DDoS attack.Experiments show that the model can effectively analyze the DDoS attack situation from a global perspective and accurately alert the DDoS attack level.4.This paper designs an LSTM-based DDoS attack warning system.The requirements of the early warning system are elaborated.The overall framework and sub-modules and their databases were designed according to requirements.Based on this framework,the system is implemented and tested.The test results show the feasibility and practicability of the proposed method.