
Research On DDoS Attack Detection Based On Application Layer

Posted on: 2022-04-06
Degree: Master
Type: Thesis
Country: China
Candidate: Q Liu
GTID: 2518306539981499
Subject: Software engineering

Abstract/Summary:
In the past few years, with the popularization of the mobile Internet, DDoS attacks have become more and more common because they are low in cost and have clear targets. To deal with DDoS attacks, most companies increase their bandwidth, use a CDN, or add servers to dilute the attack traffic, in effect absorbing the attack by sheer capacity. This approach does have a certain effect on small-traffic attacks, but it wastes a lot of resources and money, and it has little effect on large-traffic DDoS attacks. According to data from NSFOCUS, many traditional security devices are not designed to deal with large-scale DDoS attacks, and updating these devices takes a lot of money and time. In addition, DDoS attacks use a variety of methods and their source is difficult to trace. This makes DDoS attacks a popular choice for attackers, and research on DDoS attacks is urgent. The research and contributions of this paper are as follows:

1. There is already a great deal of research and reporting in academia on defense against DDoS attacks. The methods fall mainly into two types: misuse intrusion detection technology and anomaly intrusion detection technology. The advantages and disadvantages of commonly used detection algorithms are compared, and ideas for improving the information entropy method are proposed.

2. For HTTP-based application layer DDoS attacks, the problem with past information entropy approaches is that fixed thresholds must be used for classification, so the choice of thresholds directly affects system performance. This paper proposes a concept of information entropy based on dynamic partition to express the uncertainty of information sources. The maximum deviation from the average entropy within a time period T is calculated, and multiples of that maximum deviation are used to distinguish threat levels and so achieve detection.

3. This paper proposes a random forest model based on dimensionality reduction and data balance optimization.

4. On the basis of the information entropy partition, the suspected area is examined further: effective features are extracted, and the suspicious part is inspected again in depth using the random forest based on dimensionality reduction and data balance optimization.

5. Finally, experimental research shows that the DDoS intrusion detection model proposed in this paper achieves a higher recognition rate and a lower false detection rate. At the same time, the algorithm in this paper has a lower model training time and higher detection performance.
Keywords/Search Tags: application layer DDoS attack, information entropy of dynamic partition, data preprocessing, random forest
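
The dynamic-threshold idea in item 2, sketched as an added example that is not code from the thesis: the threshold is derived from the maximum deviation from the average entropy over the period T instead of being fixed. The abstract does not say which field the entropy is computed over or which multiples separate the threat levels, so the use of requested URL paths per window, the multiples 1, 2 and 3, and all sample windows are assumptions constructed here.

```python
import math
from collections import Counter

def shannon_entropy(items):
    """Shannon entropy, in bits, of the empirical distribution of items."""
    counts = Counter(items)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def baseline(entropies):
    """Average entropy over the period T and the maximum deviation from it."""
    mean = sum(entropies) / len(entropies)
    return mean, max(abs(h - mean) for h in entropies)

def threat_level(h, mean, max_dev, multiples=(1.0, 2.0, 3.0)):
    """Count how many multiples of max_dev the deviation of h exceeds.
    0 means normal. The multiples are assumed values, not the thesis's."""
    dev = abs(h - mean)
    if max_dev == 0:  # perfectly flat baseline: any deviation is maximal
        return len(multiples) if dev > 0 else 0
    return sum(dev > k * max_dev for k in multiples)

def expand(counts):
    """Constructed sample data: {path: hits} -> list of requested paths."""
    return [path for path, n in counts.items() for _ in range(n)]

# Constructed windows of requested URL paths observed during the period T.
T_WINDOWS = [
    expand({"/": 2, "/login": 2, "/cart": 2, "/item": 2}),
    expand({"/": 4, "/login": 2, "/cart": 1, "/item": 1}),
    expand({"/": 2, "/login": 2, "/cart": 2, "/item": 2}),
    expand({"/": 2, "/login": 2, "/cart": 1, "/item": 1, "/faq": 1, "/help": 1}),
]
SKEWED = expand({"/": 5, "/login": 1, "/cart": 1, "/item": 1})
FLOOD = expand({"/search": 29, "/": 1, "/login": 1, "/cart": 1})

def classify(window, history=T_WINDOWS):
    """Threat level of one window against the baseline learned from history."""
    mean, max_dev = baseline([shannon_entropy(w) for w in history])
    return threat_level(shannon_entropy(window), mean, max_dev)

if __name__ == "__main__":
    for name, w in (("normal", T_WINDOWS[0]), ("skewed", SKEWED), ("flood", FLOOD)):
        print(name, round(shannon_entropy(w), 3), "level", classify(w))
```

Because the threshold is recomputed from the observed windows, a site with naturally bursty traffic gets a wider normal band than a site with steady traffic, which is the dependence on a hand-picked fixed threshold that the abstract sets out to remove.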