Research And Implementation Of Multi-level Situation Assessment Method Based On DDoS Attacks

Posted on: 2021-05-26, Degree: Master, Type: Thesis
Country: China, Candidate: Q D Zheng, Full Text: PDF
GTID: 2518306095964869, Subject: Software engineering
Abstract/Summary:
Distributed Denial of Service (DDoS) attacks are coordinated, low-cost, and difficult to trace, which makes them a great threat to network security. In the context of big data, DDoS attack methods are becoming more and more complex, and traditional network security situation assessment methods cannot effectively assess DDoS attack situations. This paper analyzes the existing problems of DDoS attack assessment and builds a multi-level situation assessment model to achieve DDoS attack situation assessment. The specific research work of this paper is as follows:

1. This paper conducts in-depth research on the principles of DDoS attacks, summarizes and analyzes the characteristics and effects of four typical DDoS attack methods, studies the advantages and disadvantages of existing situation assessment methods with respect to DDoS attacks, and proposes a framework for the DDoS attack situation assessment model.

2. To address the many types of data sources and the high information complexity in situation assessment, this paper proposes three indicators: the Quantitative Index of Vulnerability (QIV), the Quantitative Index of Threat (QIT), and the Quantitative Index of Server running Status (QIS). To account for the impact of the three indicators on the situation assessment, this paper calculates their weights through the entropy weight method and then builds a DDoS attack situation assessment model based on a Bayesian network. The system situation value is quantified into four risk levels to achieve real-time risk assessment of the network. Experimental results show that this method can accurately and effectively assess the DDoS attack situation.

3. To capture the state changes of network flow, this paper defines the New and Old IP Statistical Feature values (NOIPSF) by analyzing how the states of old and new IP addresses change in the network environment. It then trains V-Support Vector Machines (V-SVM) on the NOIPSF sequence to construct a detection model and detects DDoS attacks through that model. Based on the detection results, this paper defines three DDoS attack flow characteristic indicators, the New IP Address Ratio (NIR), the Change of New IP Data Packet (DFI), and the New and Old IP Address Ratio (NOR), and builds a cloud model based on the three weighted indicators. Using the cloud model, this paper quantifies the network situation information into four security levels and quantitatively assesses the DDoS attack situation. Experimental results show that this method has higher classification accuracy and a lower false alarm rate, and is more accurate and flexible than the existing methods.

4. This paper designs a multi-level situation assessment system for DDoS attacks. First, the requirements of the assessment system are analyzed in detail. According to the requirements, each functional module and the database are outlined and then designed in detail. Finally, the system is implemented and tested. The test results show the feasibility and effectiveness of the evaluation system.
Keywords/Search Tags: DDoS attack, Situation Assessment, Bayesian Network, Cloud Model, Risk Assessment, Assessment System