Research on DDOS attack detection method based on dynamic threshold

• Main Authors: Tan, Xiaobo, Zhang, Zhongliang
• Format: Conference Proceeding
• Language: English
• Published: SPIE 25.05.2023
• ISBN: 1510664815; 9781510664814
• ISSN: 0277-786X
• DOI: 10.1117/12.2675156

Distributed Denial of Service (DDOS) attack is a typical network attack. It paralyzes the target host through a large amount of resource occupation, which poses a great threat to Internet security. Since the birth of distributed denial of service (DDOS) attacks, a large number of them have been designed for DDOS detection every year. However, in the high-speed network era, they cannot control the complex and changing network environment. Therefore, this paper proposes a dynamic threshold detection method based on machine learning. This method processes network traffic in segments, analyzes the characteristics of a segment of network traffic and converts it into four traffic attributes, predicts the threshold of the next window by sliding window, and classifies data points in the window by using similarity. When all four attributes exceed the threshold range in a certain period of time, it is considered to be subject to DDOS attacks. At the same time, a freezing backtracking mechanism is proposed to prevent dynamic parameters from being polluted by attack traffic and speed up the generation of new thresholds after the attack. Compared with the traditional fixed threshold algorithm, this method has a very low false alarm rate for complex network environment, faster processing time, and significantly improved accuracy.