dc.description.abstract | With the swift development of science and communication technology, people are now inseparable from electronic communication products and continuously pursue the convenience of networking and the business opportunities of developing application services. After the rise of the Internet of Things, many devices are able to connect to the Internet. However, many communication device manufacturers have not paid attention to the security of their products, and billions of IoT peripherals have hidden security loopholes. Hackers can steal data or launch distributed denial-of-service (DDoS) attacks through these loopholes, causing serious threats to the Internet. In recent years especially, financial and securities companies have encountered the threat of DDoS attacks: hackers demand ransoms from companies and threaten to paralyze their services if they do not pay. In the worst case, this may lead to a loss of customer confidence and to customers moving to business competitors, resulting in inestimable losses. Therefore, information security has become an issue that cannot be ignored.
DDoS attacks are getting stronger and the scale of their traffic is increasing. Detection techniques mainly focus on network flow. It is difficult to detect significant DDoS attacks with traffic-based detection technology when the attack consists of small packets sent at a high packet rate. As a result, traffic-based detection technology fails to detect the DDoS attack even though the attack has actually caused abnormal service on terminal network equipment.
In the past, some researchers used the traditional entropy-based measure to detect DDoS attacks. The detection threshold was either fixed or dynamic. A fixed threshold needed to be adjusted according to the user's network scenario and could not be adjusted automatically. A dynamic threshold had to be adaptively updated using the mean and deviation; in environments where the network traffic changed greatly, it was difficult to maintain the detection rate.
In this paper, the characteristics of entropy are used to describe the flow distribution at different times. We propose a method based on unsupervised machine learning that learns a decision boundary from a normal training dataset and provides an effective anomaly detection module. The purpose of this study is to improve the detection rate and provide a feasible DDoS detection method that achieves good accuracy. | en_US |