基于Hadoop架构的混合型DDoS攻击分布式检测系统

doi:10.3969/j.issn.1671-1122.2021.02.008

信息网络安全 ›› 2021, Vol. 21 ›› Issue (2): 61-69.doi: 10.3969/j.issn.1671-1122.2021.02.008

基于Hadoop架构的混合型DDoS攻击分布式检测系统

罗文华(), 程家兴

中国刑事警察学院公安信息技术与情报学院,沈阳 110035

收稿日期:2020-11-15 出版日期:2021-02-10 发布日期:2021-02-23
通讯作者: 罗文华 E-mail:Luowenhua770404@126.com
作者简介:罗文华（1977—）,男,辽宁,教授,硕士,主要研究方向为信息网络安全与电子数据取证|程家兴（1997—）,男,安徽,硕士研究生,主要研究方向为信息网络安全与电子数据取证
基金资助:
国家重点研发计划(2018YFC0830600);公安部技术研究计划(2017JSYJA10)

Hybrid DDoS Attack Distributed Detection System Based on Hadoop Architecture

LUO Wenhua(), CHENG Jiaxing

College of Public Security Information Technology and Information, Criminal Investigation Police University of China, Shenyang 110035, China

Received:2020-11-15 Online:2021-02-10 Published:2021-02-23
Contact: LUO Wenhua E-mail:Luowenhua770404@126.com

摘要/Abstract

摘要：

混合型DDoS攻击采取多种数据类型相结合的方式,具有穿透力强、难以被精确检测的特点,逐步取代了单一类型的DDoS攻击。文章针对混合型DDoS攻击的检测,设计了基于Hadoop集群的分布式入侵检测架构,并提出了一种利用MapReduce模型的多属性融合检测算法。该算法对传统的仅从IP单一角度进行检测的算法进行改进,能够融合IP、数据帧长度、标志位等多重属性并通过自适应调整阈值实现入侵流量检测。实验结果表明,该系统具有良好的扩展性,通过扩展集群规模与调大HDFS分块可获得更优的检测性能。与传统检测算法相比,在检测时间未明显增加的情况下,该系统可显著提高混合型DDoS攻击的检测率,同时能够确定具体攻击类型。

关键词: 混合型DDoS攻击, Hadoop, MapReduce, 阈值, 标志位

Abstract:

Hybrid DDoS attack adopts the attack mode combining multiple data types, and gradually replaces the single type of DDoS attack because of its strong penetrating power and difficult to be accurately detected. For the detection of hybrid DDoS attacks, a distributed intrusion detection architecture based on Hadoop cluster is designed, and a multi-attribute fusion detection algorithm using MapReduce model is proposed. This algorithm improves the traditional algorithm which only detects from IP single angle, and can realize intrusion traffic detection by integrating IP, data frame length, flag bit and other multiple attributes and adaptive adjustment threshold. The experimental results show that the distributed intrusion detection system designed in this paper has good scalability, and better detection performance can be achieved by expanding the cluster scale and increasing the HDFS block size. Compared with the traditional detection algorithm, the detection rate of hybrid DDoS attack is significantly improved without significant increase in detection time, and the specific attack type can be determined.

Key words: hybrid DDoS attack, Hadoop, MapReduce, threshold, flag bit

中图分类号:

TP309

罗文华, 程家兴. 基于Hadoop架构的混合型DDoS攻击分布式检测系统[J]. 信息网络安全, 2021, 21(2): 61-69.

LUO Wenhua, CHENG Jiaxing. Hybrid DDoS Attack Distributed Detection System Based on Hadoop Architecture[J]. Netinfo Security, 2021, 21(2): 61-69.

图/表 11

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

表1

参考文献 15

[1]	LIU Jiwei, LI Ruinan, ZHANG Yu, et al. Application of Incremental GHSOM Algorithm in DDoS Attack Detection[J]. Journal of Nanjing University of Posts and Telecommunications(Natural Science Edition), 2020,40(3): 82-88.
	刘纪伟, 李睿楠, 张玉, 等. 一种增量式GHSOM算法在DDoS攻击检测中的应用[J]. 南京邮电大学学报(自然科学版), 2020,40(3): 82-88.
[2]	LUO Wenhua, XU Caidian. Using Improved DBSCAN Clustering to Implement Multi-step Network Intrusion Detection[J]. Mini-micro Systems, 2020,41(8): 1725-1731.
	罗文华, 许彩滇. 利用改进DBSCAN聚类实现多步式网络入侵类别检测[J]. 小型微型计算机系统, 2020,41(8): 1725-1731.
[3]	LEE Y, LEE Y. Detecting DDoS Attacks with Hadoop[C]//ACM. Co-NEXT’11: Conference on Emerging Networking Experiments and Technologies, December 6-9, 2011, Tokyo, Japan. New York: ACM, 2011: 51-63.
[4]	WU Xiaoqin, HUANG Wenpei. Hadoop Security and Attack Detection Methods[J]. Journal of Computer Applications, 2020,40(S1): 118-123.
	吴晓琴, 黄文培. Hadoop安全及攻击检测方法[J]. 计算机应用, 2020,40(S1): 118-123.
[5]	LI Zhongwen, WU Chengbin, XU Xiaochen. Research on DDoS Intrusion Detection System Based on Linux High Speed Packet Capturing Platform[J]. Computer Science, 2014,41(4): 159-162.
	黎忠文, 吴成宾, 许晓晨. 基于Linux高速报文捕获平台的DDoS入侵检测系统的研究[J]. 计算机科学, 2014,41(4): 159-162.
[6]	WANG Wentao, LI Shumei, TANG Jie, et al. DDoS Attack Detection Method Based on Probability Graph Model and DNN[EB/OL]. https://kns.cnki.net/kcms/detail/11.2127.TP.20200702.1553.014.html, 2020-08-11.
	王文涛, 李树梅, 汤婕, 等. 结合概率图模型与DNN的DDoS攻击检测方法[EB/OL]. https://kns.cnki.net/kcms/detail/11.2127.TP.20200702.1553.014.html, 2020-08-11.
[7]	PI Jianyong, GONG Mingshu, LIU Xinsong, et al. Host Anomaly Intrusion Detection Model Based on Access Control[J]. Application Research of Computers, 2009,26(2): 726-729, 732.
	皮建勇, 巩明树, 刘心松, 等. 基于访问控制的主机异常入侵检测模型[J]. 计算机应用研究, 2009,26(2): 726-729, 732.
[8]	DONG Ruihong, YAN Houhua, ZHANG Qiuyu, et al. Distributed WSN Intrusion Detection Model Based on Deep Forest Algorithm[J]. Journal of Lanzhou University of Technology, 2020,46(4): 103-109.
	董瑞洪, 闫厚华, 张秋余, 等. 基于深度森林算法的分布式WSN入侵检测模型[J]. 兰州理工大学学报, 2020,46(4): 103-109.
[9]	JIN Guodong, BIAN Haoqi, CHEN Yueguo, et al. Survey on Storage and Optimization Techniques of HDFS[J]. Journal of software, 2020,31(1): 137-161.
	金国栋, 卞昊穹, 陈跃国, 等. HDFS存储和优化技术研究综述[J]. 软件学报, 2020,31(1): 137-161.
[10]	WEI Qi, WU Yong, JIANG Yiwei, et al. Algorithm for Two-stage Hybrid Flow Shop in MapReduce Systems[J]. Systems Engineering-theory & Practice, 2020,40(5): 1255-1265.
	魏麒, 吴用, 蒋义伟, 等. MapReduce系统中的两阶段混合流水作业调度算法[J]. 系统工程理论与实践, 2020,40(5): 1255-1265.
[11]	DEAN J, GHEMAWAT S. MapReduce: Simplified Data Processing on Large Clusters[J]. Operatin Systems Design and Implementation(OSDI), 2004,51(1): 107-113.
[12]	KAVULYA S, TAN J, GANDHI R, et al. An Analysis of Traces From a Production MapReduce Cluster[C]// IEEE. 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing, June 24, 2010, Melbourne, VIC, Australia. New Jersey: IEEE, 2010: 94-103.
[13]	HAMEED S, ALI U. HADEC: Hadoop-based live DDoS detection framework[J]. Information Security, 2018,18(1): 1-19.
[14]	LUO Wenhua, ZHANG Yan. Using the Improved Major Clust Algorithm to Realize Unusual User Behavior Orientation[J]. Mini-micro Systems, 2019,40(11): 2374-2379.
	罗文华, 张艳. 利用改进的MajorClust算法实现异常用户行为定位[J]. 小型微型计算机系统, 2019,40(11): 2374-2379.
[15]	LIU Jia, XIAO Pengbin, YUAN Youhong. Distributed Multi-strategy CFAR Detection Algorithm Based on Adaptive Threshold Selection[J]. Electronics Optics & Control, 2020,27(9): 60-65.
	刘佳, 肖鹏斌, 袁有宏. 基于自适应阈值选择的分布式多策略CFAR检测算法[J]. 电光与控制, 2020,27(9): 60-65.

攻击比例/%	单一算法检测率/%	融合算法检测率/%
50	80	91
75	84	93

基于Hadoop架构的混合型DDoS攻击分布式检测系统

Hybrid DDoS Attack Distributed Detection System Based on Hadoop Architecture

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 15

相关文章 15

编辑推荐

Metrics

本文评价

[1]	吴天雄, 陈兴蜀, 罗永刚. 大数据平台下应用程序保护机制的研究与实现[J]. 信息网络安全, 2019, 19(1): 68-75.
[2]	陆勰, 罗守山, 张玉梅. 基于Hadoop的海量安全日志聚类算法研究[J]. 信息网络安全, 2018, 18(8): 56-63.
[3]	张春霞, 王新猛, 张晓熙. 基于Hadoop的森林公安网络舆情监测系统设计与实现[J]. 信息网络安全, 2018, 18(12): 82-86.
[4]	马军岩, 曾国荪. 基于MapReduce的开源代码并行爬取方法研究与实现[J]. 信息网络安全, 2018, 18(1): 58-66.
[5]	王伟, 廖正宇, 张辉, 郭栋. 基于大数据的铁路信号系统数据存储与分析系统设计与实现[J]. 信息网络安全, 2017, 17(1): 29-37.
[6]	姜凤燕, 姜瑾, 姜吉婷. 基于大数据环境的电子取证研究[J]. 信息网络安全, 2016, 16(9): 60-63.
[7]	陈希林, 马丁. 针对微博信息分析的HBase存储结构设计[J]. 信息网络安全, 2016, 16(9): 267-271.
[8]	王媛媛, 吕晓丹, 胡琪, 吴鸿川. 基于HBase的RDF数据存储方案研究与设计[J]. 信息网络安全, 2016, 16(3): 59-63.
[9]	孙大鹏. 云计算技术在垃圾短信过滤中的应用与实现[J]. 信息网络安全, 2015, 15(7): 13-19.
[10]	陈耀兵;刘斌;史延涛. 基于Hadoop架构的大数据量日志存储和检索优化[J]. , 2013, 13(6): 0-0.
[11]	苏烈华;李恒训;李锁雷. 基于时空折中算法的密码分析系统设计与实现[J]. , 2013, 13(5): 0-0.
[12]	朱劭;崔宝江. 基于SAML的Hadoop云计算平台安全认证方法研究[J]. , 2013, 13(12): 0-0.
[13]	赵晶玲;张乃斌;崔宝江;兰芸. Hadoop DDos攻击检测算法分析[J]. , 2013, 13(12): 0-0.
[14]	简玲. 基于Hadoop的PB级海量数据处理系统的设计与实现[J]. , 2013, 13(11): 0-0.
[15]	王红艳. 一种基于Hadoop架构的网络安全事件分析方法[J]. , 2013, 13(1): 0-0.