关键词: DDoS攻击检测, Hadoop, 分布式拒绝服务攻击, DDoS, 检测框架

Abstract: Distributed Denial of Service (DDoS) attack is one of the most powerful attacks and it is very difficult to prevent and mitigate. This paper expounds a DDoS detection framework based on Hadoop. The framework utilizes the MapReduce and HDFS to deal with the analysis of DDoS attacks. This framework is composed of two main servers. One is used for capture traffic; another is used as detection server analyzing traffic and generating the results. Detection server manages a Hadoop cluster, it starts MapReduce-based DDoS detection jobs on the cluster nodes. The proposed framework implements Counter-Based algorithm to detect major DDoS flooding attacks. Ultimately, we perform experiments to evaluate the detection performance of the framework, and our proposed method shows its promising performances.

Key words: DDoS attack detection, Hadoop, Distributed Denial of Service attack, DDoS, detection framework