基于Hadoop架构的混合型DDoS攻击分布式检测系统

混合型DDoS攻击采取多种数据类型相结合的方式,具有穿透力强、难以被精确检测的特点,逐步取代了单一类型的DDoS攻击.文章针对混合型DDoS攻击的检测,设计了基于Hadoop集群的分布式入侵检测架构,并提出了一种利用MapReduce模型的多属性融合检测算法.该算法对传统的仅从IP单一角度进行检测的算法进行改进,能够融...

Hybrid DDoS Attack Distributed Detection System Based on Hadoop Architecture

Hybrid DDoS attack adopts the attack mode combining multiple data types,and gradually replaces the single type of DDoS attack because of its strong penetrating power and difficult to be accurately detected.For the detection of hybrid DDoS attacks,a distributed intrusion detection architecture based on Hadoop cluster is designed,and a multi-attribute fusion detection algorithm using MapReduce model is proposed.This algorithm improves the traditional algorithm which only detects from IP single angle,and can realize intrusion traffic detection by integrating IP,data frame length,flag bit and other multiple attributes and adaptive adjustment threshold.The experimental results show that the distributed intrusion detection system designed in this paper has good scalability,and better detection performance can be achieved by expanding the cluster scale and increasing the HDFS block size.Compared with the traditional detection algorithm,the detection rate of hybrid DDoS attack is significantly improved without significant increase in detection time,and the specific attack type can be determined.