Distributed denial of service (DDoS) is a typical network attack mode. It paralyzes the target host by occupying a large number of resources, which is a great threat to network security. According to the frequency of attack traffic, DDoS attacks can be divided into high-speed, low-speed and variable-rate DDoS attacks. At this stage, the detection of DDoS attacks mainly uses three categories of methods: statistical methods, machine learning, and deep learning. However, because of the respective attack characteristics of variable-rate and low-rate attacks, the characteristics of their attack traffic are very similar to those of normal traffic, and the existing detection methods have problems such as poor detection accuracy and low efficiency. Therefore, this paper studies the detection of variable-rate DDoS attacks and low-rate DDoS attacks. The specific work is as follows:

(1) In variable-rate DDoS attacks, the attack traffic increases or fluctuates over time, which makes it difficult for current methods to detect or respond to. To solve this problem, this paper proposes a dynamic threshold detection method based on a bidirectional long short-term memory (BiLSTM) network. First, the network traffic is segmented by time, the features in each traffic segment are extracted and converted into four traffic attributes, and the segment data is collected with a sliding window. Second, appropriate parameters are selected through analysis of the network environment to generate the dynamic threshold. At the same time, a freezing and thawing mechanism for key parameters is proposed to prevent the dynamic threshold parameters from being polluted by attack traffic. Finally, the traffic is analyzed with the BiLSTM network, and the method then judges whether the data characteristics of the network flow at a given time exceed the range set by the dynamic threshold. Network flow beyond the threshold range is considered DDoS attack traffic. Compared with the traditional fixed threshold algorithm, the dynamic threshold detection method based on the BiLSTM network has a very low false alarm rate in complex network environments, a short processing time, and a high accuracy rate in detecting variable-rate DDoS attacks.

(2) Low-rate DDoS attacks require very little bandwidth, and a large number of low-speed connections are mixed with normal traffic, which makes them difficult to distinguish. To address this problem, this paper uses the factorization method to detect them. This method first extracts the characteristics of low and medium rate DDoS attacks in the traffic. To accelerate the calculation over huge volumes of network data, it uses a similarity method to preliminarily classify the network traffic and screen out the low-rate network traffic. Second, the factor decomposition method is used to detect the data characteristics of the low-rate traffic. If it is a low-rate DDoS attack, a warning is given immediately. Finally, the attack traffic characteristics are recorded through the attack spectrum, and the spectrum is generated to detect other connection requests from the same source. The simulation results show that the factor decomposition method proposed in this paper has a low false alarm rate for identifying low-rate DDoS attacks, fast detection speed, and better performance than traditional methods.
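
The freezing and thawing idea from part (1), as an added example that is not the paper's code: it shows how a dynamic threshold that keeps learning during a fluctuating flood absorbs the attack into its baseline, and how freezing the parameters prevents that. The EWMA mean/variance form, the single packets-per-window attribute, every parameter value and the sample series are assumptions made for illustration; the BiLSTM stage is not modelled.

```python
class DynamicThreshold:
    """Assumed form (not from the paper): EWMA mean/variance, limit = mean + k*std."""

    def __init__(self, alpha=0.2, k=3.0, min_std=5.0, thaw_after=3, freeze=True):
        self.alpha, self.k, self.min_std = alpha, k, min_std
        self.thaw_after, self.freeze = thaw_after, freeze
        self.mean, self.var = None, 0.0
        self.frozen, self.calm = False, 0

    def limit(self):
        return self.mean + self.k * max(self.var ** 0.5, self.min_std)

    def observe(self, x):
        """Return True if window value x exceeds the current dynamic threshold."""
        if self.mean is None:          # first window seeds the baseline
            self.mean = float(x)
            return False
        over = x > self.limit()
        if self.freeze:
            if over:                   # freeze: stop learning from suspect traffic
                self.frozen, self.calm = True, 0
            elif self.frozen:          # thaw after enough consecutive calm windows
                self.calm += 1
                self.frozen = self.calm < self.thaw_after
        if not self.frozen:            # update the threshold parameters
            d = x - self.mean
            self.mean += self.alpha * d
            self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)
        return over


# Constructed sample: packets per sliding-window step (not measured data).
BASELINE = [100, 102, 98, 101, 99, 100]
ATTACK = [300, 220, 350, 260, 400, 240]      # fluctuating (variable-rate) flood
RECOVERY = [101, 99, 100, 102]


def run(freeze):
    det = DynamicThreshold(freeze=freeze)
    flags = [det.observe(x) for x in BASELINE + ATTACK + RECOVERY]
    return det, flags


if __name__ == "__main__":
    for freeze in (False, True):
        det, flags = run(freeze)
        hits = sum(flags[len(BASELINE):len(BASELINE) + len(ATTACK)])
        print(f"freeze={freeze}: {hits}/{len(ATTACK)} flagged, mean={det.mean:.1f}")
```

Without freezing, only the first attack window is flagged because the inflated mean and variance push the limit above the rest of the flood; with freezing, the baseline stays near 100 and resumes updating after three calm windows.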