Research on a Real-Time DDoS Attack Monitoring Method Based on Spark-streaming
Published: 2018-12-13 12:58
[Abstract]: With the rapid development of big data technology, its applications have become very widespread, and big data security analysis has become a popular research topic. DDoS attacks have been one of the main threats to network security ever since they first appeared. Many experts and scholars dedicated to network security have done a great deal of fruitful work on detecting and defending against DDoS attacks, but with the development of cloud computing and other emerging technologies, the threat that DDoS attacks pose to the Internet has grown more severe. In order to detect DDoS attacks against the TCP protocol quickly and accurately, this thesis takes a big data processing perspective and proposes a big data stream processing platform with the Spark-streaming stream computing framework at its core, combined with the naive Bayes classification algorithm, to detect DDoS attacks. After reviewing a large body of material on DDoS attacks, the thesis first analyzes the principle of DDoS attacks and their main forms, then summarizes previous research from the two aspects of detection and defense, with a focus on the method of identifying attacks by parsing packet header information with the naive Bayes classification algorithm. It then concentrates on the scheme for handling DDoS attacks with a big data platform. The scheme analyzes and detects DDoS attack events at three layers: the data collection layer, the collation layer and the processing layer. In the collection layer, the server being accessed captures TCP packets with the tcpdump command that ships with Linux, and the Flume framework sends the captured TCP packets to the Kafka framework in the collation layer. In the collation layer, the Kafka framework aggregates and caches the TCP packets sent by multiple Flume instances. A program containing the naive Bayes classification algorithm is written and packaged, and submitted to the Spark cluster for processing in batches. Finally, comparative experiments and test analysis are carried out on SYN-Flooding, Landing attacks and RST reset attacks against the TCP protocol, verifying that the system has high real-time performance and accuracy.
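[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08; TP311.13
Article ID: 2376568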
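The processing-layer idea from the abstract (naive Bayes over TCP header fields, applied per batch of captured packets), as an added example that is not code from the thesis. The two features, the class labels, the training packets and all addresses are constructed assumptions, and "Landing attack" is read here as the LAND attack (source equals destination).

```python
import math
import re
from collections import Counter, defaultdict

# Matches text output of `tcpdump -n`; the two features are an assumed, minimal set.
LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def features(line):
    m = LINE.search(line)
    if m is None:
        return None                                  # not a TCP line: skip it
    src, dst, flags = m.groups()
    return {"flags": flags, "land": src == dst}      # LAND: source ip.port == destination

class NaiveBayes:
    def fit(self, samples):
        self.prior = Counter(label for _, label in samples)
        self.counts = defaultdict(Counter)           # (label, feature) -> value counts
        self.values = defaultdict(set)               # feature -> distinct values seen
        for row, label in samples:
            for name, value in row.items():
                self.counts[label, name][value] += 1
                self.values[name].add(value)
        return self

    def predict(self, row):
        total = sum(self.prior.values())
        def score(label):                            # log P(label) + sum of log P(value | label)
            n = self.prior[label]
            s = math.log(n / total)
            for name, value in row.items():
                k = len(self.values[name]) + 1       # Laplace smoothing, one extra bucket for unseen values
                s += math.log((self.counts[label, name][value] + 1) / (n + k))
            return s
        return max(self.prior, key=score)

def pkt(src, dst, flags):                            # constructed tcpdump-style line
    return f"12:00:00.000000 IP {src} > {dst}: Flags [{flags}], seq 1, win 512, length 0"

SRV, CLI = "192.168.1.10.80", "10.0.0.7.40000"       # constructed addresses
TRAIN = ([(pkt(CLI, SRV, f), "normal") for f in ["S", "S.", ".", ".", ".", ".", "P.", "P.", "P.", "F."]]
         + [(pkt(CLI, SRV, "S"), "syn_flood")] * 10
         + [(pkt(SRV, SRV, "S"), "land")] * 5
         + [(pkt(CLI, SRV, f), "rst") for f in ["R"] * 8 + ["R."] * 2])
MODEL = NaiveBayes().fit([(features(l), y) for l, y in TRAIN])

def classify_batch(lines):
    """Label one micro-batch of lines, as a streaming job would per batch interval."""
    rows = [f for f in map(features, lines) if f is not None]
    return Counter(MODEL.predict(r) for r in rows)
```

With this toy training set a lone SYN is labelled `syn_flood`, so a detector would alert on the per-batch share of attack labels rather than on single packets.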
Article link: http://sikaile.net/guanlilunwen/ydhl/2376568.html