DDoS Attack Detection Method Based on Network Abnormal Behavior in Big Data Environment
share
Distributed denial of service (DDoS) attack becomes a rapidly growing problem with the fast development of the Internet. The existing DDoS attack detection methods have time-delay and low detection rate. This paper presents a DDoS attack detection method based on network abnormal behavior in a big data environment. Based on the characteristics of flood attack, the method filters the network flows to leave only the 'many-to-one' network flows to reduce the interference from normal network flows and improve the detection accuracy. We define the network abnormal feature value (NAFV) to reflect the state changes of the old and new IP address of 'many-to-one' network flows. Finally, the DDoS attack detection method based on NAFV real-time series is built to identify the abnormal network flow states caused by DDoS attacks. The experiments show that compared with similar methods, this method has higher detection rate, lower false alarm rate and missing rate.
READ FULL TEXT
