
Design And Implementation Of Multiple Classifiers For DDoS Attacks Based On CNN

Posted on: 2021-01-09
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Liu
GTID: 2428330611456341
Subject: Software engineering
Abstract/Summary:
Distributed denial of service (DDoS) attacks cause great damage to the network. A DDoS attack is a kind of network attack that is easy to implement, difficult to trace and destructive. The existing statistics-based methods of DDoS feature extraction have several problems, such as low utilization of the original information, high dependence on empirical observation, and an inability to reflect the spatial distribution of network flow. The extracted features cannot describe the characteristics of network flow well, which gives the existing DDoS detection methods a high false alarm rate. To address these problems in DDoS attack detection, this paper analyzes and studies two attacks, SYN Flood and ICMP Flood, according to the differing traffic characteristics of attack flow and normal flow, and proposes a multi-classification method for DDoS based on the convolutional neural network (CNN). The specific work is as follows:

1. Considering the high traffic, address distribution and interactivity of the ICMP Flood attack, a method of ICMP Flood attack detection based on a convolutional neural network is proposed. The address, packet length and request/response flag bits of ICMP packets are transcoded into a gray scale network flow matrix (GNM). To better reflect the address correspondence, the address data is combined to obtain the dual channel gray scale network flow matrix (GNM). Convolutional neural networks perform well at extracting information from matrices. We use the corresponding convolutional neural network to extract features from the different network flow matrices and fuse the extracted sub-features to obtain the multi view network flow feature (MVNFF). The experimental results show that, compared with similar methods, this method has a higher detection rate and a lower false alarm rate, and gives better ICMP Flood attack detection performance.

2. SYN Flood attack techniques are complex. According to the address distribution and service response of the attack, a SYN Flood attack detection method based on a convolutional neural network is proposed, which uses the network address, packet length and request or response relationship in the original data. After binary transcoding of the original TCP packet data, the corresponding convolutional neural network is used to extract the characteristics of the matrix, and feature fusion is carried out to obtain the multi view network traffic characteristics for SYN Flood. The experimental results show that the network features extracted by this method better reflect the attack characteristics of the SYN Flood attack and give a low false alarm rate in attack detection.

3. Two different attack methods, SYN Flood and ICMP Flood, are studied in this paper. The network flow features extracted by the convolutional neural network are modeled, and multiple classifiers for DDoS attacks based on the convolutional neural network are obtained to classify different types of DDoS attacks. The experiments show that the multiple classifiers proposed in this paper have high accuracy and make it possible to take better countermeasures according to the different DDoS attack principles.

4. This paper designs a DDoS attack detection system based on CNN. The requirements of the detection system are described in detail. According to the requirements, the overall framework, the sub-modules and their databases are designed. Based on this framework, the system is implemented and tested. The test results show that the proposed method is feasible and practical.
Keywords/Search Tags:distributed denial of service attack, network flow feature extraction, convolutional neural network, multi view feature extraction method, attack detection