
Research On New DDoS Attack Detection Method Based On Sampled Flow

Posted on: 2022-09-19
Degree: Master
Type: Thesis
Country: China
Candidate: H B Shi
GTID: 2518306740494274
Subject: Cyberspace security
Abstract/Summary:
The new infrastructure environment has seen the proliferation of Internet of Things (IoT) technology. The differences between the communication of IoT devices and that of traditional PCs and servers have become more significant. At the same time, attackers have been updating their attack modes to evade attack detection systems. In order to degrade the target system's service quality without the victim's awareness, Distributed Denial of Service (DDoS) technology evolves with the development of the network environment and defense technology. However, most current research on DDoS attack detection is still based on the traditional network environment and attack methods. Traditional DDoS attack detection methods suffer a performance penalty and a decline in applicability in the new IoT network environment when facing new attack methods. Given these problems, we studied the new attack environment and the new attack method. We then proposed a joint detection scheme for attackers and victims, composed of DDoS attack detection systems for the IoT environment and for the backbone network, against the new DDoS attack mode. The specific research mainly includes the following aspects.

(1) We analyzed the smart home environment and studied the network behavior of IoT devices and of malicious software in the IoT environment, then proposed a DDoS attack detection method for the IoT environment. First, IoT devices were grouped with a clustering algorithm to weaken the heterogeneity of IoT devices. After the grouping operation, the network behavior of devices in the same group was similar. Then, a time series model was trained on the network traffic of the devices in each group. In the meantime, considering that IoT malware often uses Domain Generation Algorithm (DGA) technology, a malware detection model was trained based on DGA behavior. Finally, the conclusion was drawn by considering the results of the two models. The experimental results showed that the proposed method had a good detection effect for DDoS attacks in the IoT environment.

(2) We studied a new DDoS attack method on the backbone network and proposed a method to detect it. First, heuristic sampling was carried out using the information provided by the IoT system to make up for the backbone network's deficiency in identifying attack source information. Then, lightweight feature statistics and attack detection were carried out based on Sketch. Finally, the model was updated adaptively according to the result of attack detection. The experimental results showed that the proposed method had a good detection effect on both traditional attacks and new attacks in the backbone network environment.

(3) Based on the above methods, a prototype DDoS attack detection system was designed and implemented, including an IoT environment attack detection system and a backbone network environment attack detection system. First, the overall architecture of the DDoS attack detection environment composed of the two systems was proposed. Then, the system architecture of the two detection subsystems and their respective modules were introduced. Finally, the system interface and related tests are shown.
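To make the Sketch-based feature statistics over sampled flow in aspect (2) concrete, here is an added Python example; it is not code from the thesis. The choice of a Count-Min sketch, the per-destination packet threshold, the 1-in-N sampling model and all names and sample records are assumptions, since the abstract does not specify them.

```python
import hashlib

class CountMinSketch:
    """Fixed-memory counter table; estimates may overcount, never undercount."""
    def __init__(self, width=1024, depth=4):
        self.width, self.depth = width, depth
        self.rows = [[0] * width for _ in range(depth)]

    def _cells(self, key):
        for row in range(self.depth):
            # One salted hash per row; blake2b keeps results stable across runs.
            digest = hashlib.blake2b(key.encode(), digest_size=8,
                                     salt=row.to_bytes(2, "big")).digest()
            yield row, int.from_bytes(digest, "big") % self.width

    def add(self, key, amount):
        for row, col in self._cells(key):
            self.rows[row][col] += amount

    def estimate(self, key):
        return min(self.rows[row][col] for row, col in self._cells(key))


def detect_victims(sampled_flows, sampling_rate, threshold_pkts):
    """Return destinations whose estimated packet count in this window
    reaches threshold_pkts. sampling_rate=N models 1-in-N packet sampling
    (assumed), so each sampled packet stands for about N real ones."""
    sketch = CountMinSketch()
    flagged = set()
    for _src, dst, sampled_pkts in sampled_flows:
        sketch.add(dst, sampled_pkts * sampling_rate)
        if sketch.estimate(dst) >= threshold_pkts:
            flagged.add(dst)
    return flagged


# Constructed sample window (documentation address ranges, not real traffic):
# 200 sources each send a little to one host, plus ordinary background flows.
WINDOW = [(f"198.51.100.{i}", "203.0.113.10", 3) for i in range(200)]
WINDOW += [(f"192.0.2.{i}", f"203.0.113.{100 + i}", 2) for i in range(50)]

if __name__ == "__main__":
    print(detect_victims(WINDOW, sampling_rate=100, threshold_pkts=50_000))
```

No single source in the constructed window exceeds 300 estimated packets, so a per-source rate check would miss it; the aggregate per-destination count is what crosses the threshold.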
Keywords/Search Tags:DDoS attack, IoT, new DDoS attack method, network flow sampling, attack detection