| Nowadays, Distributed Denial of Service (DDoS) attacks are among the most common and damaging attacks. Intrusion detection is a common means of countering DDoS attacks. Although the relevant results have high detection accuracy, the detection approach is reactive, so the damage has sometimes already occurred. Therefore, there is a need for research into network anomaly early warning methods which can predict possible attacks in advance. Generalized Network Temperature (GNT) is a new network feature proposed by our research group which can be used for network anomaly detection and early warning. In view of this, this thesis first proposes a Network Congestion State Generation Algorithm (NCSG) based on PL-GNT to quantify the state of the network, then proposes a Network Anomaly Early Warning method based on PL-GNT and deep learning (NAEW-GNT) to predict possible DDoS attacks, and finally designs experiments using open source datasets and an early warning system to demonstrate the effectiveness of our approach. The main work of this thesis is as follows. (1) Based on the research on GNT, this thesis proposes a Network Congestion State Generation Algorithm to address the problem that the network state cannot be directly observed. Based on the improved characteristic PL-GNT and Network Heat Capacity (NHC), the NCSG method defines four states of network congestion and provides more information for decision support in DDoS attack early warning. (2) Based on PL-GNT and deep learning, this thesis proposes a DDoS attack early warning method, NAEW-GNT. This method mainly consists of two models: the Bi-GRU model and the Stacking model. The Bi-GRU model predicts network characteristics, and the Stacking model maps the congestion state to network characteristics. NAEW-GNT first trains the two models, then transmits the prediction results of the network characteristics from the Bi-GRU model to the Stacking model, and finally designs an attack probability function based on the network congestion state. In this way, the NAEW-GNT method transforms the network state predicted by the Stacking model into the probability that the network can be attacked. In addition, this thesis also designs a combined criterion based on the network congestion state and the attack probability function to further improve the warning accuracy. (3) This thesis uses the CICIDS2017 dataset and the UNSW-NB15 dataset to demonstrate the effectiveness and rationality of the NAEW-GNT method. The experimental results demonstrate that the characteristic PL-GNT is more sensitive to changes in network traffic than the characteristic GNT, that the network congestion state generated by the NCSG method can accurately reflect the network congestion, and that the NAEW-GNT method achieves a high warning accuracy. In addition, two sets of ablation experiments demonstrate the necessity for NAEW-GNT to use the characteristic PL-GNT and network congestion states. The comparison experiment proves the superiority of the NAEW-GNT method compared with other early warning models. (4) A DDoS attack early warning system based on the NAEW-GNT method is designed and developed in this thesis. The system’s functional requirements are described in detail, and the implementation of the system framework and each sub-module is completed accordingly. The feasibility of the NAEW-GNT method proposed in this thesis is also verified through network simulation tests. |