
Research on a Real-Time DDoS Attack Monitoring Method Based on Spark-streaming

Published: 2018-12-13 12:58
[Abstract]: With the rapid development of big data technology, its applications have become very widespread, and big data security analysis has become a popular research topic. DDoS attacks have been one of the main threats to network security ever since they first appeared. Although many experts and scholars dedicated to network security have done a great deal of effective work on detecting and defending against DDoS attacks, the threat that DDoS attacks pose to the Internet has grown more severe with the development of cloud computing and other emerging technologies. To detect DDoS attacks against the TCP protocol quickly and accurately, this thesis approaches the problem from the perspective of big data processing and proposes a scheme that detects DDoS attacks using a big data stream processing platform, with the Spark-streaming stream computing framework as its computing core, combined with the naive Bayes classification algorithm. After reviewing a large body of material on DDoS attacks, the thesis first analyzes the principle of DDoS attacks and their main forms; it then summarizes previous research from the two aspects of detection and defense, with a focus on the method of identifying attacks by using the naive Bayes classification algorithm to parse packet header information. It then presents in detail the scheme for handling DDoS attacks on a big data platform. The scheme analyzes and detects DDoS attack events at three layers: the data collection layer, the collation layer and the processing layer. In the collection layer, the server being accessed captures TCP packets with the tcpdump command that ships with Linux, and the Flume framework sends the captured TCP packets to the Kafka framework in the collation layer. The Kafka framework in the collation layer aggregates and caches the TCP packets sent by multiple Flume frameworks. A program containing the naive Bayes classification algorithm is written and packaged, and is submitted in batches to the Spark cluster for processing. Finally, the thesis carries out comparative experiments and test analysis on SYN-Flooding, Landing attacks and RST reset attacks against the TCP protocol, verifying that the system has high real-time performance and accuracy.
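The processing-layer idea in the abstract, naive Bayes over TCP header information applied to each batch of captured packets, is sketched below as an added example; it is not code from the thesis, and it uses plain Python instead of Spark so that it runs offline. The three features, the 0.5 threshold, the flag letters, the training rows and the addresses are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def window_features(packets):
    """Reduce one micro-batch of (src, dst, flags) headers to discrete features."""
    n = len(packets) or 1  # an empty batch yields all-"low" features
    syn_only = sum(1 for _, _, f in packets if "S" in f and "A" not in f)
    rst = sum(1 for _, _, f in packets if "R" in f)
    bucket = lambda count: "high" if count / n > 0.5 else "low"
    same_endpoint = any(src == dst for src, dst, _ in packets)
    return (bucket(syn_only), bucket(rst), same_endpoint)

class NaiveBayes:
    def fit(self, rows):
        self.classes = Counter(label for _, label in rows)
        self.counts = defaultdict(Counter)  # (label, feature index) -> value counts
        self.values = defaultdict(set)      # feature index -> distinct values seen
        for feats, label in rows:
            for i, v in enumerate(feats):
                self.counts[(label, i)][v] += 1
                self.values[i].add(v)
        return self

    def predict(self, feats):
        total = sum(self.classes.values())
        def log_posterior(label):
            score = math.log(self.classes[label] / total)
            for i, v in enumerate(feats):  # Laplace-smoothed likelihoods
                score += math.log((self.counts[(label, i)][v] + 1)
                                  / (self.classes[label] + len(self.values[i])))
            return score
        return max(self.classes, key=log_posterior)

# Constructed training windows (assumed labels and feature values, not thesis data).
TRAIN = ([(("low", "low", False), "normal")] * 30
         + [(("high", "low", False), "syn_flood")] * 10
         + [(("low", "high", False), "rst_attack")] * 10
         + [(("low", "low", True), "landing")] * 8
         + [(("high", "low", True), "landing")] * 2)
MODEL = NaiveBayes().fit(TRAIN)

SERVER = "192.0.2.10"  # constructed addresses from documentation ranges
NORMAL = [("198.51.100.5", SERVER, "S"), (SERVER, "198.51.100.5", "SA"),
          ("198.51.100.5", SERVER, "A"), ("198.51.100.5", SERVER, "PA"),
          (SERVER, "198.51.100.5", "A")]
SYN_FLOOD = [(f"203.0.113.{i}", SERVER, "S") for i in range(1, 9)] + NORMAL[2:3]
RST_BURST = [("198.51.100.5", SERVER, "R")] * 6 + NORMAL[3:5]
LANDING = [(SERVER, SERVER, "S")] * 2 + NORMAL

def classify(packets):
    return MODEL.predict(window_features(packets))
```

Classifying whole windows instead of single packets keeps an ordinary handshake SYN from being labelled as a flood, since only the proportion of unanswered SYNs in the batch counts as a feature.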
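[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08;TP311.13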
