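Abstract
At present, Distributed Denial of Service (DDoS) attacks are one of the most severe security threats facing the Internet. IPv6 networks take into account many of the security problems of IPv4 networks, but they still do not provide good protection against DDoS attacks. To address the defense against DDoS attacks in IPv6 networks, this paper designs a fast DDoS defense mechanism based on MF-DL (Membership Function and Deep Learning). The defense mechanism takes the MF-DL detection mechanism as its core, supplemented by a response mechanism and other components, to defend against DDoS attacks. In the detection mechanism, a pre-detection method based on a membership function first performs lightweight anomaly detection on network traffic data; then deep detection based on a neural network model from deep learning classifies the traffic with high precision once an anomaly has occurred. In the response mechanism, the Anti-Fre response algorithm assigns reputation levels to the IP addresses requesting access, which enables directed blocking of traffic and recovery of system performance. Finally, the proposed defense mechanism is evaluated on a classic intrusion detection dataset and on a simulated attack dataset from a campus network. The results show that, compared with three comparison algorithms, the proposed defense mechanism can increase detection accuracy by 6.2%, reduce the false alarm rate and missed detection rate by 6.75% and 8.46%, and can effectively handle attacks and restore part of the system performance.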
At present, the Distributed Denial of Service (DDoS) attack is still one of the most serious security threats to the Internet. The core purpose of IPv6 networks is to solve the problem of IP address exhaustion. IPv6 networks also address many security issues of IPv4 networks, for example through the use of the IPsec (Internet Protocol Security) protocol. However, IPv6 networks still follow the same packet routing mechanism, so they still fail to protect well against DDoS attacks. Aiming at the defense against DDoS attacks in IPv6 networks, this paper designs a fast defense mechanism based on MF-DL (Membership Function and Deep Learning). The whole defense mechanism is divided into four parts: infrastructures, the traffic collector, the MF-DL detection mechanism, and the response mechanism. Among them, the infrastructures are the basic equipment and form the hardware basis of the defense mechanism. The traffic collector performs traffic collection, filtering and processing. The MF-DL detection mechanism is the core of the defense mechanism and performs the actual detection of DDoS attacks. The response mechanism complements the MF-DL detection mechanism: it manages the blacklist according to the detection results and performs traffic filtering. The MF-DL detection mechanism is divided into two parts: the MF (Membership Function) pre-detection algorithm and the DL (Deep Learning) deep detection algorithm. Based on a pre-detection model built on entropy measurement and a membership function, the MF pre-detection algorithm calculates the traffic scale and the degree of traffic chaos of the current network traffic and realizes lightweight anomaly detection at the traffic volume level. When the MF pre-detection algorithm detects that the current network traffic scale is abnormal, a DDoS attack is suspected, so DL deep detection is carried out. The DL deep detection algorithm realizes misuse detection based on a neural network classification model from deep learning. After feature extraction from historical attack traffic, the traffic feature set is used to train the neural network, and the trained model is then used for attack detection. After each attack, the training set is updated and the neural network classification model is retrained. In the response mechanism, the Anti-Fre response algorithm classifies the reputation of the requesting IP addresses. When an attack is detected, the reputation level of the traffic's IP addresses can be adjusted to achieve directed blocking of traffic and recovery of system performance. Finally, experiments are carried out on the proposed defense mechanism using a classic intrusion detection dataset and a simulated attack dataset from a campus network. The results show that, compared with the three comparison algorithms, the proposed defense mechanism can increase the detection accuracy by 6.2% and reduce the false alarm rate and missed detection rate by 6.75% and 8.46%. The experimental verification of the system load shows that the proposed defense mechanism can effectively deal with attacks and restore system performance in a short time.
Authors
CHOU Yi-Fan (丑义凡)
YI Bo (易波)
WANG Xing-Wei (王兴伟)
JIA Jie (贾杰)
HUANG Min (黄敏)
Affiliations: Department of Software, Northeastern University, Shenyang 110169; Department of Computer Science and Engineering, Northeastern University, Shenyang 110169; Department of Information Science and Engineering, Northeastern University, Shenyang 110819
Source
Chinese Journal of Computers (《计算机学报》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals (北大核心)
2021, Issue 10, pp. 2047-2060 (14 pages)
Funding
National Key R&D Program of China (2017YFB0801701)
National Natural Science Foundation of China (61872073, 61772126)
Liaoning Province "Xingliao Talent Program" (XLYC1902010)