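Research and Application of DDoS Attack Detection Technology Based on Hadoop and SVM
Thesis topic: Hadoop cloud platform + distributed denial-of-service attack; Source: Shandong University of Science and Technology, master's thesis, 2017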
[Abstract]: A DDoS (Distributed Denial of Service) attack is a network attack that seizes application resources, network bandwidth and system resources by controlling a large number of computers (called puppet machines in this thesis) to send resource requests of very large data volume. It targets the availability of computer systems and networks and is currently one of the most important threats to Internet security. Some relatively mature single-machine DDoS attack detection techniques already exist, but because the detection capacity of a single computer or server is limited, existing techniques have difficulty effectively detecting DDoS attacks against large local area networks. The Hadoop cloud platform effectively integrates large-scale storage and computing resources, running many computers in parallel as a cluster to achieve high-speed computation and storage. This thesis combines the SVM algorithm, which is relatively mature for DDoS attack detection in a single-machine environment, with the high-speed computation and analysis capability and the strong storage capability of the Hadoop cloud platform in order to effectively solve the problem of detecting DDoS attacks on large local area networks. The thesis first classifies the types of DDoS attacks on the basis of a study of how they work, then studies Hadoop-related technologies and the single-machine SVM algorithm, extends the SVM algorithm to the Hadoop cloud platform, and designs a parallel distributed SVM algorithm for the Hadoop environment. By partitioning the training samples into blocks in a reasonable way, setting a reasonable cascade stopping condition during cascade training, and customizing the MapReduce process, the algorithm addresses two problems: randomly distributed training samples producing an inaccurate classifier or, in the extreme case, no classifier at all during training; and issues such as re-hashing when the training samples are divided into small sample blocks for cascade training. It makes full use of the high-speed computation and analysis capability and the strong storage capability of the Hadoop cloud platform, improving training efficiency while maintaining accuracy. The thesis also proposes the concept of the DDBHS (DDoS Attack Detection Based on Hadoop and SVM) system, which uses the parallel distributed SVM algorithm on the Hadoop cloud platform to train on and detect DDoS attacks, and it designs the detection module of the DDBHS system and the system structure of the Hadoop cloud platform. By establishing an attack detection alliance, the control node can control the state and responsibility transitions of the training nodes and the attack detection nodes, making effective use of system resources while improving detection efficiency. The thesis implements the DDBHS system and applies it to DDoS attack detection in a real environment; measurements verify that the DDBHS system designed and implemented in the thesis achieves high efficiency and accuracy against DDoS attacks.
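[Degree-granting institution]: Shandong University of Science and Technology
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP393.08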