Research On DDoS-Detected Intrusion Detection System

Posted on: 2009-09-02
Degree: Master
Type: Thesis
Country: China
Candidate: W Li
GTID: 2178360245994417
Subject: Computer application technology

Abstract/Summary:
As the Internet has grown, network intrusions have become frequent and the means of intrusion more varied. Denial of Service (DoS) has become one of the most popular network attacks because of its characteristics: wide impact, difficulty of detection, simplicity and effectiveness, serious damage, and difficulty of defense. DoS can cause great damage to networks and host computers. DDoS can stay hidden for a long time and is highly complex. It is hard to find and can cause more damage, so DDoS is a serious threat to network security.

As a proactive defense tool, an intrusion detection system (IDS) can detect internal attacks, external attacks and misoperation in real time, but it has difficulty detecting DDoS. This paper therefore proposes an IDS that can detect DDoS.

The system uses the Lightweight DDoS Detection Method (LDDM) and the C-F Model based Bayes Detection Method (CBDM). LDDM contains a feature extraction module and a DDoS-detection module. The feature extraction module extracts feature data such as source IP, SYN packets and ACK packets in preparation for detecting DDoS attacks. The DDoS-detection module judges whether an IP is legal using the Legitimate IP Address Database, judges whether network traffic is abnormal according to the symmetrical features of the TCP protocol, counts abnormal data with a revised Bloom Filter, and judges whether a DDoS attack has started using an improved no-parameter (non-parametric) CUSUM method. CBDM records normal behaviour in a knowledge base and uses the Feature Classification Module to build a Bayes network instance of normal behaviour and the feature vector. The C-F Model based Bayes classification is then trained and used in the process of intrusion detection.

Firstly, this paper proposes LDDM, which uses no-parameter CUSUM and can detect DDoS effectively with few resources. It can also promptly find the time when a DDoS attack stops. LDDM reduces the false rate of DDoS detection. Experiments show that LDDM detects DDoS more effectively whether it is placed near the attackers or near the victim hosts.

Secondly, C-F Model based uncertainty reasoning is applied to Bayes classification, and an improved intrusion detection method, CBDM, based on the Bayes network is proposed.

Finally, experiments show that the DDoS-detecting IDS has a high detection rate for common intrusions and can detect DDoS more effectively.
Keywords/Search Tags:DDoS, No-parameter CUSUM, Bayes network, C-F Model, IDS
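
The abstract names no-parameter CUSUM over TCP SYN/ACK symmetry as LDDM's trigger but gives no formulas. The following is an added example, not the thesis's code: the textbook one-sided CUSUM with an assumed upper bound on the statistic so that the end of an attack also shows up. The function name, parameter values and per-interval counts are constructed for illustration, and the Legitimate IP Address Database and Bloom Filter stages are left out.

```python
# Added illustration, not code from the thesis. Textbook non-parametric CUSUM
# over the SYN/ACK asymmetry; a, threshold, cap and alpha are assumed values.

def detect(intervals, a=0.5, threshold=2.0, cap=3.0, alpha=0.9):
    """intervals: (syn_count, ack_count) per sampling interval, where ack_count
    is assumed to be the handshake-completing ACKs seen in that interval.
    Returns [(start, end)] interval indices; end is None if still alarming."""
    episodes, start = [], None
    avg_ack, y = None, 0.0
    for i, (syn, ack) in enumerate(intervals):
        if avg_ack is None:
            avg_ack = float(max(ack, 1))       # seed the traffic baseline
        x = (syn - ack) / avg_ack              # asymmetry, normalised by load
        # One-sided CUSUM: drift a keeps y at 0 under normal traffic.
        # Bounding y by cap lets it fall back quickly once the flood ends.
        y = min(cap, max(0.0, y + x - a))
        alarm = y > threshold
        if alarm and start is None:
            start = i                          # attack onset
        elif not alarm and start is not None:
            episodes.append((start, i))        # first interval judged clean
            start = None
        if not alarm:                          # freeze the baseline during an alarm
            avg_ack = max(1.0, alpha * avg_ack + (1 - alpha) * ack)
    if start is not None:
        episodes.append((start, None))
    return episodes

# Constructed sample: 4 normal intervals, 4 SYN-flood intervals, 4 normal again.
SAMPLE = [(100, 98), (105, 101), (98, 97), (102, 100),
          (400, 100), (600, 95), (650, 90), (500, 100),
          (110, 105), (100, 99), (101, 100), (99, 98)]

if __name__ == "__main__":
    print("bounded statistic:  ", detect(SAMPLE))
    print("unbounded statistic:", detect(SAMPLE, cap=float("inf")))
```

With the unbounded statistic the alarm is still raised at the end of the sample, which is why the end-of-attack time needs separate treatment.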