Research on a Real-Time DDoS Attack Monitoring Method Based on Spark-streaming
[Abstract]: Big data technology has developed rapidly and is now widely applied, and big data security analysis has become a hot topic. DDoS attacks have been one of the main threats to network security since they first appeared. Many experts and scholars are dedicated to maintaining network security and have done a great deal of fruitful work on detecting and defending against DDoS attacks; nevertheless, with the development of cloud computing and other emerging technologies, DDoS attacks pose a growing threat to the Internet. To detect DDoS attacks against the TCP protocol quickly and accurately, this paper approaches the problem from the perspective of big data processing and proposes a big data stream processing platform, based on the Spark-streaming stream computing framework, that detects DDoS attacks with the naive Bayes classification algorithm. After reviewing a large body of material on DDoS attacks, the paper first analyzes the principle and main methods of DDoS attacks and then summarizes previous research from two aspects: detection and defense. It then analyzes the method of applying the naive Bayes classification algorithm to packet header information, and introduces a scheme that uses a big data platform to deal with DDoS attacks. The scheme analyzes and detects DDoS attacks across three layers: a data collection layer, a collation layer and a processing layer. In the collection layer, the server being accessed uses the Linux tcpdump command to capture TCP packets, and the Flume framework sends the captured packets to the Kafka framework in the collation layer. In the collation layer, the Kafka framework caches the TCP packets sent by several Flume frameworks. The program containing the naive Bayes classification algorithm is compiled, packaged and submitted to the Spark cluster for processing in batches.
Finally, this paper compares the SYN-Flooding, Landing attack and RST reset attack against the TCP protocol. The results verify that the system offers high real-time performance and accuracy.
[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08; TP311.13