Design And Implementation Of DDoS Attack Intrusion Detection System Based On Federated Learning

The rapid development of the Internet era provides more convenient services for people’s daily life.However,the frequency of malicious network attacks and their degree of harm are increasing year by year,especially Distributed Denial of Service(DDoS)attacks,which account for a relatively high proportion and cause great harm.The traditional intrusion detection methods for DDoS attacks are affected by data silos and privacy restrictions,and it is difficult to order multiple access devices to share attack data without exchanging data content.Federated learning provides a new way to share attack data for intrusion detection of multi-domain and multi-type DDoS attacks under the condition of non-intercommunication of data content.Therefore,in the multi-domain and multi-type DDoS attack scenario,this thesis designs and implements a DDoS attack intrusion detection system based on federated learning,relying on feature engineering,horizontal SecureBoost algorithm and other technologies.The intrusion detection system includes various types of DDoS attack range modules,DDoS attack data acquisition and processing modules,federated data coordination modules,federated training modules and intrusion detection verification modules.The intrusion detection system is deployed at each access domain gateway,and the detection accuracy of each DDoS attack is over 90%.The specific contributions of this thesis are as follows:(1)Build a variety of DDoS attack ranges.Based on attack tools,a network attack environment with four typical DDoS attacks,SYN flood attack,UDP flood attack,DRDoS attack and slow DDoS attack,is formed,and attacks are randomly launched to different access domains.(2)Various types of DDoS attack data processing and training.In the DDoS attack data collection and processing module,a feature screening algorithm based on four feature engineering methods is proposed to obtain data sets that better characterize different types of DDoS attacks.In the federated data coordination module,an adaptive federated scheduling algorithm is proposed,which effectively avoids the data imbalance problem caused by data duplication,and improves the model training efficiency and performance in federated learning to a certain extent.The horizontal SecureBoost algorithm is used in the federated training module and the intrusion detection verification module,and the optimal model is obtained through parameter tuning and deployed in the access gateways of each domain.(3)Intrusion detection system experimental environment construction and performance verification.In the multi-domain and multi-type DDoS attack range environment,the burst attack and continuous attack scenarios are simulated respectively,and the performance of the DDoS attack intrusion detection system based on federated learning in each module is evaluated by four evaluation indicators:accuracy,precision,recall and F1 score.By comparing with other methods,it is concluded that the detection system proposed in this thesis has the best detection performance.