Research On DDoS Attacks Detection Method Based On Stacking And Flink

DDoS attacks are currently one of the most notorious cyber attacks.With the rapid development of big data,cloud computing,and Internet of Things technologies,not only has DDoS attacks become easier to implement and difficult to be tracked,but the cost of launching attacks has also become lower and lower.At the same time,the scale of the network is also increasing.If Internet data measured in TB and PB is used by DDoS attacks,its destructive power will be catastrophic.Over the years,researchers have proposed various technical solutions and management measures for DDoS attacks,but there are still many problems,especially in the detection of DDoS attacks.Its main manifestations are as follows: 1.The performance of DDoS attack detection needs to be further improved;2.Under large-scale networks,the real-time performance of DDoS attack detection needs to be enhanced;3.Data processing and network traffic collection must be real-time;4.The adaptive detection performance of the system needs to be improved,especially for unknown or new types of attacks.Therefore,this thesis solves the above problems by using Flink,machine learning and other related theories and technologies.In order to improve the detection performance of machine learning,ensemble learning represented by Stacking is proposed.In view of the current stacking base-learner configuration method is mostly fixed collocation,but due to the complexity and dynamics of DDoS attacks,static configuration strategy is obviously less flexible.In this thesis,the QGA-Stacking algorithm is proposed,which uses genetic quantum algorithm to dynamically select a group of learner combinations with the highest evaluation index in Stacking,thereby improving the accuracy and flexibility of the detection model.At the same time,a set of better feature sets is proposed to save computational cost.Experimental results show that compared with the other three mainstream algorithms,the QGA-Stacking algorithm has more significant detection performance,and the selection of the better feature set is more reasonable.In order to adapt to the large-scale network environment,this thesis designs a realtime DDoS attack detection system based on Flink,which can perform real-time traffic collection and data processing.At the same time,the F-QGA-Stacking model is proposed for data analysis.It is the implementation of QGA-Stacking on Flink.The QGA-Stacking model running on Flink also has the characteristics of high throughput and low-delay,which lays a solid foundation for real-time detection of DDoS attacks.The detected anormal traffics can also be used as training data to optimize the model,so that the detection model can learn by itself,so as to achieve the purpose of shortening the detection time and responding to unknown attacks.The experimental results show that the system proposed in this thesis can meet the real-time performance of DDoS attack detection,and has a higher accuracy rate and a lower false alarm rate.