
Internet Of Things-based DDoS Attack Detection Based On Traffic

Posted on: 2021-03-13
Degree: Master
Type: Thesis
Country: China
Candidate: Y Q Yang
GTID: 2428330614471899
Subject: Cyberspace security
Abstract/Summary:
In recent years, the Internet of Things (IoT) has gradually influenced many aspects of people's lives, reforming the traditional way of life and bringing intelligence to many fields such as smart home, medical treatment and transportation, which has brought great convenience. However, a huge number of IoT devices have limited computing ability and storage capability, and they carry security risks. Because of this, attackers have in recent years turned their attention to IoT devices, which are numerous and have security vulnerabilities, using large numbers of vulnerable devices to form large-scale botnets that launch DDoS attacks. When IoT-based DDoS attacks become the main method of DDoS attack, the large-scale IoT device traffic will undoubtedly cause great harm to the network. As a result, IoT-based DDoS attacks have become a serious problem for network security.

With the development of DDoS attack technology, a new type of hidden DDoS attack, the link-flooding attack, has emerged. This attack is extremely harmful and highly concealed. As a result, traditional DDoS attack detection methods cannot accurately detect it, which makes research on IoT-based DDoS attack detection more difficult.

To solve the above problems, this paper proposes traffic-based detection of IoT-based DDoS attacks. An emerging network architecture, Software-Defined Networking (SDN), is used to implement attack detection while the attack traffic is still propagating and has not yet aggregated on the target host. Because most existing detection work is implemented at the SDN controller, there are problems such as controller overload and detection delay. To address these, this paper proposes a method to detect and mitigate IoT-based DDoS attacks in real time at the edge of the network. For hidden link-flooding attacks, because of the concealment of the attack method and the limitations of the edge-side detection method, this paper proposes a method to detect link-flooding attacks at the controller layer of the SDN.

For the edge-side detection method, this paper fully considers the traffic characteristics of IoT devices and implements the detection method on SDN-based IoT gateways. It mines the characteristics of IoT-based DDoS attacks by taking flow-table data as the object of analysis. The feature data is collected in real time, and online detection of IoT-based DDoS attacks is realized by machine learning models obtained through offline training. When an attack is detected, the method can quickly locate the attack traffic through the attack response mechanism and issue security rules to mitigate the attack damage.

For the detection of link-flooding attacks at the controller layer, this paper takes a view of all links in the network and monitors the congestion of each link. To reduce the computation and storage cost of detection, it proposes a target link search method, which filters the links of the entire network by calculating the importance and congestion of each link. A convolutional neural network is used to analyze the information of the target links and learn the distribution function of the attacks' time-series characteristics, realizing detection of hidden link-flooding attacks.

To evaluate the proposed detection methods, this paper builds an SDN simulation environment. Experimental results show that the edge-side detection method can detect DDoS attacks with high accuracy and can mitigate attacks in a short time. For hidden link-flooding attacks, the proposed target link search method can effectively filter links, and the proposed detection model can fit the attack feature distribution function well and detect link-flooding attacks accurately.
Keywords/Search Tags:IoT, SDN, DDoS attacks, link-flooding attacks, DDoS attack detection