计算机科学与探索 ›› 2016, Vol. 10 ›› Issue (5): 601-611.DOI: 10.3778/j.issn.1673-9418.1507049

• 学术研究 • 上一篇    下一篇

使用Spark Streaming的自适应实时DDoS检测和防御技术

方  峰,蔡志平+,肇启佳,林加润,朱  明   

  1. 国防科学技术大学 计算机学院,长沙 410073
  • 出版日期:2016-05-01 发布日期:2016-05-04

Adaptive Technique for Real-Time DDoS Detection and Defense Using Spark Streaming

FANG Feng, CAI Zhiping+, ZHAO Qijia, LIN Jiarun, ZHU Ming   

  1. College of Computer Science, National University of Defense Technology, Changsha 410073, China
  • Online:2016-05-01 Published:2016-05-04

PDF

摘要: 分布式拒绝服务(distributed denial of service,DDoS)攻击是重要的安全威胁,网络速度的不断提高给传统的检测方法带来了新的挑战。以Spark等为代表的大数据处理技术,给网络安全的高速检测带来了新的契机。提出了一种基于Spark Streaming框架的自适应实时DDoS检测防御技术,通过对滑动窗口内源簇进行分组,并根据与各分组内源簇比例的偏差统计,检测出DDoS攻击流量。通过感知合法的网络流量,实现了对DDoS攻击的自适应快速检测和有效响应。实验结果表明,该技术可极大地提升检测能力,为保障网络服务性能和安全检测的可扩展性提供了一种可行的解决方案。

关键词: DDoS检测, DDoS防御, 实时检测, 自适应检测, Spark Streaming

Abstract: Distributed denial of service (DDoS) attack is an important security threat, the constant improvement of network speed to the traditional detection methods has brought new challenges. Represented by Spark and so on, the big data processing technology brings new opportunity to the completion of high-speed safety detection. This paper proposes an adaptive technique for real-time DDoS detection and defense using Spark Streaming framework. Based on source cluster grouping in sliding windows, and the deviation of proportionate to the source cluster of groups, this paper detects out the DDoS attack traffic trace, and realizes the adaptive rapid and precise detection of DDoS attacks through sensing legitimate network traffic. The experimental results show that the technique can greatly improve detection capabilities, in order to ensure the security of network service performance and the extensibility of detection, this paper provides a feasible solution.

Key words: DDoS detection, DDoS defense, real-time detection, adaptive detection, Spark Streaming

京ICP备13024263号-1
Copyright © 《计算机科学与探索》编辑部
技术支持:北京玛格泰克科技发展有限公司
总访问量
今日访问
在线人数