Research On Data Link Layer Identification Technology For VSAT Network Security

Since the outbreak of COVID-19 in 2020,Internet communication has made up the distance between people.Under the background of network globalization,VS AT satellite communication system plays an increasingly important role in global network interconnection.However,the security defense mechanism of VS AT satellite communication system is weak,and there is little research on this aspect.The existing attack detection methods are often based on the in-depth analysis of packets,which have high requirements for computing resources and are difficult to be applied to VS AT satellite communication system.Therefore,it is necessary to find an attack detection method suitable for VS AT satellite communication system.For that the deep parsing of packets above the network layer requires a lot of computing resources and lacks practical applicability,this paper classifies the service traffic based on the statistical feature extraction of flows at the data link layer,and completes the identification of attack behavior under two common attack situations.The main work of this paper includes three aspects.Firstly,based on the research of VSAT satellite communication process,this paper carries out VS AT satellite communication data link layer simulation.After designing traffic capture for seven applications respectively,we uses the link layer simulation platform to package the data into frames,so as to establish the basic data flow set for the follow-up research work.Secondly,this paper analyzes the statistical characteristics of the link layer flow,and obtains the feature extraction time granularity of the traffic classification.On this basis,we extracts the features of the data flow,filters the features with high gain,and trains the random forest model to complete the traffic classification.The experimental results show that on the premise of extracting the features in appropriate time detection granularity,the method used in this paper can complete the identification of business flow.Also,the feature screening process in the data prepossessing stage can improve the classification efficiency of the model to a certain extent.Finally,based on the traffic classification model,this paper studies the attack signal detection methods in two different attack scenarios-DDOS attack and replay attack.On the premise of identifying the type of application traffic,DTW index is used to measure the similarity between different data streams,and normal user data streams and DDOS attack streams are distinguished according to the high similarity between DDOS attack data streams;Replay attack detection is done by designinng an algorithm to decompose the data stream according to the characteristics of replay attack data stream,and compares the similarity of decomposed data stream.The experimental results show that there are obvious differences between DDOS attack flows and ordinary user data flows in the case of network data jitter and delay;After decomposing the replay attack data stream,compare the data similarity.The similarity of ordinary user data stream is lower than that of attack data stream.