Design And Implementation Of Distributed Real Time DDoS Attack Protection System

As the research on the network layer DDoS attack has achieved a certain result,the network layer DDoS attack has been effectively suppressed,so the DDoS attack gradually focused on the application layer.The application layer DDoS attacks have a higher workload asymmetry ratio,so DDoS attacks are high-frequency,low duration,large-scale development trend,the traditional DDoS attack detection methods and centralized testing methods or framework has not adapted to the current situation.In order to adapt to the current DDoS attack environment,this paper proposes a distributed real-time DDoS attack protection framework,which divides the whole DDoS protection work into three parts: perception,detection and defense.The framework can suspend the detection of DDoS attacks when no DDoS attacks occur to reduce the waste of computing power.The detection algorithm can also be selected according to different types of DDoS attacks to improve the accuracy of detection.At the same time,a mechanism for system self-feedback adjustment is designed,and corresponding optimization mechanisms such as communication structure and storage mode are specified.In order to implement this protection framework,a DDoS attack awareness algorithm and a DDoS attack detection algorithm are designed to implement the framework's attack awareness and detection.In the process of designing attack-aware algorithm,by analyzing and verifying the access behavior of normal users in Web services,a system state indicator describing the application state of Web services is defined,and a DDoS attack-aware algorithm based on system state indicator is proposed to perceive DDoS attacks and predict their types of attacks.The algorithm uses AR model to predict the system state index numerically,and compares the deviation between predicted and observed values to judge the occurrence of DDoS attacks.In the process of attack detection algorithm design,a DDoS attack detection algorithm based on user access behavior is presented through the study of Web service application.The algorithm considers the access behavior of normal users in Web services as a state chain and describes it using HSMM model.It detects DDoS attacks by comparing the deviation between access traffic and normal user behavior.Finally,based on the DDoS attack protection framework and the above algorithms,a distributed real-time DDoS attack protection system is implemented using Spring Cloud,Druid and other technologies.The average prediction error of the proposed DDoS attack-aware algorithm on the system state indicators is less than 10%,which proves that the algorithm can accurately sense the occurrence of DDoS attacks and predict the attack types.The proposed DDoS attack detection algorithm has good accuracy and low false alarm rate,and it achieves 98.89% accuracy and 1.10% false alarm rate for NASA-HTTP dataset.Meanwhile,the method requires low training data volume of the model,and it can achieve good detection results by using a low number of white samples for training,and it can update the parameters in real time.The DDoS attack protection system implemented in this paper has low performance requirements and will not affect the real-time response to user operation requests after intervention in Web service applications.