| With the continuous development of computer network and information technology, emerging technologies such as the mobile Internet, cloud computing, edge computing and the Internet of Things bring convenience to people but also severe security challenges. Network security incidents occur frequently, and events such as ransomware, sensitive information disclosure and distributed denial of service emerge one after another. Among them, the distributed denial of service (DDoS) attack is the most common attack method. With the explosive growth of network data traffic, the harm caused by DDoS attacks is becoming more and more serious, and their scope and scale are also expanding, which places higher requirements on DDoS attack detection methods. Existing DDoS attack detection technology has the following problems: accuracy, false positive rate and detection time cannot all be satisfied at once, and real-time detection of big-data network traffic cannot be guaranteed. To address these problems in scenarios with large volumes of real-time network data, this paper proposes DDoS attack detection based on feature extraction and an ensemble learning method, and designs a DDoS attack detection system based on network data traffic. The work of this paper is summarized as follows: (1) Because DDoS detection performs poorly when applied directly to single-packet traffic, this paper proposes a calculation method based on statistical feature analysis. Through analysis and calculation of various DDoS attack behavior patterns, an 18-dimensional feature vector containing data flow information is ultimately used for training, which addresses the poor time performance of training on all single-packet fields and the low accuracy and high false alarm rate of the detection results. To acquire the statistical information, this paper adopts a Flink stream aggregation method based on the five-tuple <source IP, destination IP, source port, destination port, protocol number>: collected single packets are aggregated into a data flow by five-tuple, and the statistical information of the flow is then calculated. For the statistical features, this paper calculates the information entropy of the source and destination IP, which better reflects the correspondence between source and destination IP. It also calculates statistical features such as time characteristics and payload to measure DDoS attack behavior, so as to reflect the information contained in the flow data more comprehensively.
(2) To meet the high performance demands of DDoS attack detection on massive data, this paper proposes an ensemble learning model that can effectively detect DDoS attacks. The model, LG XGBoost, is an optimization of the extreme gradient boosting (XGBoost) classifier. First, the LG XGBoost model adds the focal loss function to the objective function obj of the XGBoost algorithm and weights samples according to their difficulty, which improves the ability of the XGBoost objective function to handle difficult samples and thereby improves the performance of the model. Second, the LG XGBoost model improves the scoring function gain that the XGBoost algorithm uses to find the split point by adding the average gain value, so as to better determine the best split point and further improve the performance of the model. As a result, the LG XGBoost model developed in this paper can detect DDoS abnormal traffic more accurately and quickly. Experimental results on the CIC DDoS 2019 data set show that the accuracy of the LG XGBoost model is as high as 0.982, the false positive rate is only 0.038, and the training time is only 6.8 min, which shows the high detection performance of the LG XGBoost model.
(3) Based on the above research, combined with existing data processing technology, this paper designs and implements a DDoS attack detection system based on network data traffic. The system can collect data packets on nodes, process and calculate the collected data according to the statistical analysis method described above, and detect and visualize the abnormal traffic of DDoS attacks. The paper then describes in detail the functional requirements, architecture design, sub-module design and implementation of the system. Finally, a functional test of the system is carried out in a purpose-built network environment. The results show that the system detects DDoS attacks well, and the test results are fully displayed on the page. |
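The five-tuple aggregation and source/destination IP entropy described in (1) can be sketched as follows. This is an added example, not code from the paper: plain Python stands in for the Flink keyed aggregation, and the function names, the packet tuple layout, the choice to compute entropy over the packets of one window, and the sample windows are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    n = sum(counts.values())
    return sum((c / n) * math.log2(n / c) for c in counts.values()) if n else 0.0

def aggregate_flows(packets):
    """Group packets by five-tuple and compute per-flow statistics."""
    groups = defaultdict(list)
    for ts, src, dst, sport, dport, proto, length in packets:
        groups[(src, dst, sport, dport, proto)].append((ts, length))
    flows = {}
    for key, pkts in groups.items():
        times = [t for t, _ in pkts]
        sizes = [s for _, s in pkts]
        flows[key] = {
            "packets": len(pkts),
            "bytes": sum(sizes),
            "duration": max(times) - min(times),   # time characteristic
            "mean_payload": sum(sizes) / len(sizes),
        }
    return flows

def window_features(packets):
    """Window-level features: flow count plus source/destination IP entropy."""
    flows = aggregate_flows(packets)
    return {
        "flows": len(flows),
        "packets_per_flow": len(packets) / len(flows) if flows else 0.0,
        "src_ip_entropy": shannon_entropy(p[1] for p in packets),
        "dst_ip_entropy": shannon_entropy(p[2] for p in packets),
    }

# Constructed sample windows (documentation address ranges), not real traffic.
# Packet = (timestamp_s, src_ip, dst_ip, src_port, dst_port, protocol, payload_len)
BENIGN = [(0.1 * i, "10.0.0.5", f"192.0.2.{1 + i % 4}", 40000 + i % 2, 443, 6, 500)
          for i in range(8)]
FLOOD = [(0.01 * i, f"198.51.100.{i + 1}", "192.0.2.1", 1024 + i, 80, 17, 64)
         for i in range(16)]

if __name__ == "__main__":
    for name, window in (("benign", BENIGN), ("flood", FLOOD)):
        print(name, window_features(window))
```

In the constructed flood window every packet is its own flow, source IP entropy is high and destination IP entropy is zero, while the benign window shows the opposite pattern; this is the source-to-destination relationship the entropy features are meant to expose.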