
Research And Application Of DDoS Attack Detection Method Based On Generalized Multiple Kernel Learning

Posted on: 2021-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: J Q Li
Full Text: PDF
GTID: 2518306095962399
Subject: Software engineering
Abstract/Summary:
A Distributed Denial of Service (DDoS) attack is a common network attack that overloads network bandwidth by controlling network communication traffic and, by sending a large number of network data packets, prevents the network system from serving normally. It is highly destructive, has a wide range of hazards, is easy to implement but difficult to track and prevent, and poses a huge threat to the security of the Internet. Nowadays, DDoS attack methods are diversified, and attack forms are becoming more and more complex. It is difficult for a single traditional detection method to accurately identify multiple attacks, which makes defense more difficult. Therefore, this paper studies the above problems and proposes a DDoS attack detection method based on the improved Generalized Multiple Kernel Learning (GMKL) model. Based on this method, a DDoS attack detection system is designed. The specific research work is as follows.

1. In this paper, DDoS attacks are studied in depth, and their principle, classification and characteristics are analyzed and summarized. In response to the problem that a single feature cannot efficiently detect DDoS attacks, and combining characteristics of DDoS attacks such as address distribution, burstiness, and interactivity, the Super-fusion Feature Value (SFV) and Comprehensive Degree of Feature (CDF) are defined to represent the comprehensive features of different network flow information, and these two features are used to identify and detect DDoS attacks. The experimental results show that SFV and CDF can effectively reflect the essential characteristics of three kinds of attacks: early-stage DDoS attacks, impulse DDoS attacks and intermittent attacks.

2. In this paper, aiming at the problem that traditional methods have difficulty detecting multiple attacks at the same time, the R-GMKL detection model is proposed to detect multiple DDoS attacks. Based on the characteristics of SFV and CDF, a calculation method based on the R parameter is proposed. Through comparison and verification, the better kernel function and norm are selected to obtain the best R-GMKL detection model. Three kinds of simulation experiments are carried out: early DDoS attack, pulse wave DDoS attack and intermittent attack. The experimental results show that the randomness of parameter selection and the error of model detection can be reduced by selecting the kernel function and regularization parameter through the R value, and that the DDoS attack detection model based on R-GMKL can effectively improve the detection rate under different types of DDoS attacks.

3. In this paper, a DDoS attack detection system based on R-GMKL is designed and implemented. According to the requirement analysis and design goal of the system, the function modules and database of the system are constructed. The information collection module, data preprocessing module, attack detection module, and log and alarm module of the system are implemented. The system obtains the network flow in real time, extracts the features required by the model from the network flow data through the data preprocessing module, and performs detection on the extracted features using the trained DDoS attack detection model based on R-GMKL. The system test results show that the R-GMKL method proposed in this paper can efficiently detect DDoS attacks and has certain practical feasibility in DDoS attack and defense applications.
Keywords/Search Tags:DDoS attack, Network flow feature extraction, GMKL detection algorithm, Multiple kernel learning