
DDoS Intrusion Detection Based On Machine Learning And Reversible Sketch

Posted on: 2021-05-15
Degree: Master
Type: Thesis
Country: China
Candidate: T Meng
Full Text: PDF
GTID: 2518306050969159
Subject: Cyberspace security
Abstract/Summary:
While the Internet brings great convenience, various kinds of network security problems seriously threaten people's security and privacy and constantly pose new challenges to network security researchers. Among these network attacks, Distributed Denial-of-Service (DDoS) attacks cause extremely serious damage to websites all over the world every year. Facing modern DDoS attacks with increasing attack traffic and attack rates, how to achieve DDoS attack detection with high efficiency, high precision and high applicability is an urgent problem in network security. Through a survey of DDoS detection technologies, we found that the field lacks DDoS attack detection studies that combine high detection precision, low resource consumption and efficient reversible capability.

To solve this problem, we improve existing schemes and propose a DDoS attack detection algorithm based on machine learning and a reversible sketch. The algorithm uses the reversible sketch to summarize statistics and extract features from flow-level data. A machine learning model is then used to detect whether a DDoS attack has occurred in the current network. Once an attack is detected, an anomalous source IP address can be obtained through an efficient and simple calculation based on the Chinese remainder theorem.

Built upon the proposed detection algorithm, we design and develop a DDoS detection system. The system consists of a network traffic collection module, a data pre-processing module, an attack detection module and an attack mitigation module. It uses SDDL (Security-related Data Description Language) to mark the data needed for detection, and an SDDL parser parses the SDDL file to guide traffic data collection. Our system uses Jnetpcap to sniff the traffic of a monitored network and analyzes network packet information to reconstruct traffic flows. We apply the proposed detection algorithm to enable the system to detect DDoS attacks in real time and trace the source IP of the attack for mitigation.

We implement the designed system and perform a number of tests to evaluate its performance. We test the performance of the attack detection model using the CICIDS2017 and UNSW-NB15 datasets. Results show that the system achieves our design goals of data collection, data pre-processing, data analysis and attack detection. It achieves high detection precision on both testing datasets, which shows that our detection is stable and effective. In particular, comparison with other existing methods proves the advantages of the proposed detection algorithm in terms of detection accuracy and efficiency.
Keywords/Search Tags: DDoS Flooding attacks, Machine Learning, Sketch, Data Collection, Attack Detection
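The abstract's source-recovery step, sketched as an added example that is not code from the thesis: each sketch row buckets a source IP by a different modulus, and the heavy bucket of every row gives one residue that the Chinese remainder theorem recombines into the address. The moduli, the threshold, the class and function names and the traffic are assumptions constructed for illustration; the thesis's actual sketch layout is not given on this page.

```python
from ipaddress import IPv4Address
from itertools import product
from math import prod

# Assumed row moduli: pairwise coprime, product > 2**32, so CRT is unique over IPv4.
MODULI = (251, 253, 255, 256, 257)
M = prod(MODULI)

def crt(residues):
    """Return the unique x in [0, M) with x % MODULI[i] == residues[i]."""
    x = 0
    for r, m in zip(residues, MODULI):
        Mi = M // m
        x += r * Mi * pow(Mi, -1, m)  # pow(.., -1, m): modular inverse (Python 3.8+)
    return x % M

class ReversibleSketch:
    def __init__(self):
        self.rows = [[0] * m for m in MODULI]  # 1272 counters in total

    def update(self, src_ip, packets=1):
        key = int(IPv4Address(src_ip))
        for row, m in zip(self.rows, MODULI):
            row[key % m] += packets  # row i buckets the key as key mod m_i

    def estimate(self, src_ip):
        """Upper bound on the packet count of src_ip (minimum over its buckets)."""
        key = int(IPv4Address(src_ip))
        return min(row[key % m] for row, m in zip(self.rows, MODULI))

    def heavy_sources(self, threshold):
        """Invert the sketch: rebuild source IPs from the heavy buckets of each row."""
        heavy = [[r for r, c in enumerate(row) if c >= threshold] for row in self.rows]
        keys = {crt(combo) for combo in product(*heavy)}
        # A combination mixing residues of different sources usually decodes
        # above 2**32 and is dropped here.
        return sorted(str(IPv4Address(k)) for k in keys if k < 2**32)

def build_sample():
    """Constructed traffic: 300 background sources and one flooding source."""
    sketch = ReversibleSketch()
    for i in range(300):
        sketch.update(f"10.0.{i // 256}.{i % 256}", packets=3)
    sketch.update("203.0.113.77", packets=5000)
    return sketch

if __name__ == "__main__":
    print(build_sample().heavy_sources(threshold=2000))
```

With several simultaneous heavy sources, a spurious combination can occasionally decode to a valid IPv4 address, so recovered addresses should be confirmed against flow records before mitigation acts on them.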