The equipment test and trial range is mainly used for testing new weapons and equipment, and system equipment. As the equipment test range network (hereinafter referred to as the range test network) develops further toward wide-area nodes, diversified communication, and integrated measurement and control, the risk of attacks on the range test network is also increasing. Among the various types of attacks, distributed denial of service (DDoS) attacks are regarded as one of the most typical because of their large scale, strong implementability, and general difficulty of detection. However, their strong stealth, wide attack range and powerful destructiveness make it difficult to detect them accurately and take timely defensive measures. On this basis, this thesis simulates and studies the problem of DDoS attack detection and defense in the range test network. It designs a hybrid detection method based on an improved K-means algorithm to classify network traffic accurately, and a queue congestion control active defense strategy combined with the Random Early Detection (RED) algorithm to defend against DDoS attacks and ultimately reduce or eliminate their impact and harm on the target test network. The main contents of the thesis are as follows:

(1) A hybrid detection method based on an improved K-means algorithm is proposed to address the low detection rate of DDoS attacks in the range test network. A simulation model of the range test network under DDoS attack is built with the OPNET simulation tool to study how the performance of the range test network changes after a DDoS attack, and an attack data set is constructed in real time from the attack traffic generated by the simulated attack. The improved K-means algorithm is used for initial coarse-grained clustering of network traffic and for early warning of the abnormal attacks it finds, followed by fine-grained classification detection using the AdaBoost (Adaptive Boosting) algorithm. Finally, based on the trained classifier, the attack is accurately detected in real time.

(2) For the defense against DDoS attack traffic in the range test network, an active defense strategy based on queue congestion control is designed using the RED algorithm. This defense strategy first computes the packet loss probability, controls the average queue length through the statistical results, and then predicts network congestion from the controlled average queue length, so that packets can be discarded before the router's cache reaches its upper limit. On this basis, an early warning is sent to the attacking port to bring network congestion under control.

(3) A simulation model of the range test network is constructed using OPNET, and the hybrid detection method based on the improved K-means algorithm and the active defense strategy based on the RED algorithm are experimentally verified on the model. The results show that the proposed hybrid detection method can accurately distinguish attack traffic from normal traffic when DDoS attacks occur, and that the proposed defense strategy can control the average queue length, actively perform congestion control and issue congestion warnings to attack ports. This effectively mitigates the impact of DDoS attacks on attack targets and network performance and provides an important reference for defending realistic range test networks against attacks.
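
The queue congestion control idea in (2), shown with the classic RED algorithm as an added example; it is not the thesis's code or its modified strategy. The thresholds, port names, constructed per-tick load, and the rule that a port owning more than half of the early drops receives the warning are all assumptions.

```python
import random
from collections import Counter

class RedQueue:
    """Classic RED queue; thresholds and weights are illustrative assumptions."""
    def __init__(self, capacity=100, min_th=20, max_th=60, max_p=0.1, w=0.02, seed=1):
        self.capacity, self.min_th, self.max_th = capacity, min_th, max_th
        self.max_p, self.w = max_p, w
        self.q, self.avg, self.count = 0, 0.0, 0  # queue, EWMA of queue, packets since last drop
        self.early, self.tail = Counter(), 0      # early drops per port, buffer-full drops
        self.rng = random.Random(seed)

    def enqueue(self, port):
        self.avg = (1 - self.w) * self.avg + self.w * self.q
        if self.avg < self.min_th:                # no congestion: always accept
            drop, self.count = False, 0
        elif self.avg < self.max_th:              # early congestion: probabilistic drop
            self.count += 1
            pb = self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)
            drop = self.count * pb >= 1 or self.rng.random() < pb / (1 - self.count * pb)
        else:                                     # sustained congestion: drop every arrival
            drop = True
        if drop:
            self.early[port] += 1
            self.count = 0
            return False
        if self.q >= self.capacity:               # buffer already full: tail drop
            self.tail += 1
            return False
        self.q += 1
        return True

    def dequeue(self, n):
        self.q = max(0, self.q - n)

def simulate(arrivals, ticks=200, service=10, share=0.5):
    """arrivals: {port: packets per tick} (constructed load).
    Returns the queue and the ports owning more than `share` of the early drops."""
    red = RedQueue()
    for _ in range(ticks):
        for port, n in arrivals.items():
            for _ in range(n):
                red.enqueue(port)
        red.dequeue(service)
    total = sum(red.early.values())
    warned = sorted(p for p, d in red.early.items() if d / total > share)
    return red, warned

if __name__ == "__main__":
    for name, load in {"normal": {"p1": 4, "p2": 4}, "flood": {"p1": 4, "p2": 4, "atk": 40}}.items():
        red, warned = simulate(load)
        print(name, round(red.avg, 1), sum(red.early.values()), red.tail, warned)
```

Plain RED is not per-flow fair, so legitimate ports also lose packets during the flood; the drop-share rule only identifies which port to warn.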