Abstract
Distributed denial of service (DDoS) attacks are among the most powerful attacks and among the hardest to defend against. This paper describes a Hadoop-based DDoS detection framework that uses MapReduce and HDFS to handle the analysis of DDoS attacks. The framework consists of two main servers: one captures traffic, and the other acts as the detection server, analyzing the traffic and generating the detection results. The detection server manages a Hadoop cluster and starts MapReduce-based DDoS detection jobs on the cluster nodes. The framework implements a Counter-Based algorithm to detect the major DDoS flooding attacks. Finally, experiments evaluate the detection performance of the framework; the results are promising and show that the framework can meet the requirements.
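A counter-based detection job in map/shuffle/reduce form, run locally on constructed traffic records, is sketched below. This is an added example, not the paper's code: the record layout, the 10-second window, the threshold of 100 packets and all function names are assumptions, since the abstract does not give the algorithm's keys or parameters.

```python
from collections import defaultdict

WINDOW_SECONDS = 10   # assumed counting window
THRESHOLD = 100       # assumed packet limit per (window, destination, protocol)

def build_sample():
    """Constructed records: (timestamp_seconds, src_ip, dst_ip, protocol)."""
    records = []
    # Benign: 20 clients send 3 TCP packets each to 192.0.2.10 in window 0.
    for c in range(20):
        for k in range(3):
            records.append((k, f"198.51.100.{c}", "192.0.2.10", "TCP"))
    # Flood: 200 sources send 3 UDP packets each to 192.0.2.20 in window 1.
    for c in range(200):
        for k in range(3):
            records.append((12 + k, f"203.0.113.{c}", "192.0.2.20", "UDP"))
    return records

def map_record(record):
    """Map step: key each packet by time window, destination and protocol."""
    ts, src, dst, proto = record
    yield (int(ts) // WINDOW_SECONDS, dst, proto), src

def shuffle(pairs):
    """Group mapper output by key, as the MapReduce shuffle phase would."""
    grouped = defaultdict(list)
    for key, value in pairs:
        grouped[key].append(value)
    return grouped

def reduce_counts(key, sources):
    """Reduce step: count packets and distinct senders, compare to threshold."""
    packets = len(sources)
    return {"window": key[0], "dst": key[1], "proto": key[2],
            "packets": packets, "sources": len(set(sources)),
            "alert": packets > THRESHOLD}

def detect(records):
    """Run map, shuffle and reduce, returning only the keys that raised an alert."""
    pairs = (kv for r in records for kv in map_record(r))
    results = [reduce_counts(k, v) for k, v in sorted(shuffle(pairs).items())]
    return [r for r in results if r["alert"]]

if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)
```

On a real cluster the map and reduce functions would run as separate tasks over HDFS blocks; the distinct-source count is included because a high packet count spread over many senders is what separates a distributed flood from a single heavy client.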
Source
Journal of Information Security Research (《信息安全研究》)
2015, Issue 3, pp. 261-266 (6 pages)