Design And Implementation Of DDoS Attack Detection System Based On V-Support Vector Machine

Under the new network environment,network traffic has many characteristics,such as large scale,huge amount and complexity of its data,which make the current distributed denial of service(DDoS)attacks present the characteristics of diversity,suddenness and concealment.It also leads to the problems of high false alarm rate,high missing report rate and poor timeliness of current detection methods,which make it difficult to detect attacks effectively.As a result,the security risks and property losses caused by DDoS attacks have increased dramatically.Therefore,it is urgent and significant to detect DDoS attacks accurately and efficiently in the new network environment to reduce economic losses and negative social impacts.On the basis of studying a lot of detection techniques,this paper proposes a detection method for DDoS attacks based on V-Support Vector Machine(SVM).According to this method,a DDoS attack detection system is designed and implemented.Specific research work is as follows:1.Firstly,the background and significance of DDoS attack and the current research status of DDoS attack detection methods at home and abroad are described.Then,the theory of DDoS attack,the common attack modes of DDoS attack and the characteristics of DDoS attack are analyzed.2.Aiming at the problems of high false alarm rate,high missing report rate and poor timeliness in current detection methods,a DDoS attack detection method based on V-SVM is proposed.Firstly,a nine-tuple network service association feature(NSAF)is defined to describe the changing state of network flow.Secondly,the principal component analysis(PCA)is used to reduce the dimensionality and normalize the feature data to reduce the negative impact of noise on the detection results.And then,by studying the basic theory of several kind of support vector machines,the type of kernel function and the value of parameter V are determined based on the feature data,the V-SVM model is trained,and the classifier is generated to detect DDoS attacks.In this paper,the traditional C-SVM detection method and grid search based C-SVM detection method are compared and analyzed through simulation experiments.The results verify the effectiveness of the proposed detection method based on V-SVM.Compared with the other two methods,the proposed detection method not only improves the accuracy,reduces the false alarm rate,but also ensures the stability and timeliness of the classification model.3.According to the detection method proposed in this paper,a DDoS attack detection system based on V-SVM is designed and implemented.The overall design of the system,the system architecture,the design of each module of the system and the design of the database are introduced in detail.It realizes four functions;network traffic collection,data preprocessing,attack detection,log and alarm.Finally,the system is tested,and the availability,stability and scalability of the system are tested by simulating attacks.