Journal of Information Security Research, 2015, Vol. 1, Issue 3: 261-266.


DDoS Detection Framework based on Hadoop

Received: 2015-11-23; Revised: 2015-11-30; Online: 2015-12-15; Published: 2016-01-18

Chinese title: DDoS Detection Framework Based on Hadoop

Luo Zilu (罗梓露), Fang Yong (方勇)

  1. Institute of Information Security, Sichuan University; 2. Sichuan University
  • Corresponding author: Luo Zilu
  • About the authors: Luo Zilu, master's student, main research area: information security. luozilu@vip.qq.com. Fang Yong, PhD, professor, main research areas: information security and network information countermeasures. yfang@scu.edu

Abstract: The Distributed Denial of Service (DDoS) attack is one of the most powerful attacks and is very difficult to prevent and mitigate. This paper presents a DDoS detection framework based on Hadoop. The framework uses MapReduce and HDFS to carry out the analysis of DDoS attacks. The framework consists of two main servers: one captures traffic, and the other serves as the detection server, which analyzes the traffic and generates the results. The detection server manages a Hadoop cluster and launches MapReduce-based DDoS detection jobs on the cluster nodes. The proposed framework implements a Counter-Based algorithm to detect the major DDoS flooding attacks. Finally, we perform experiments to evaluate the detection performance of the framework, and the proposed method shows promising performance.

Key words: DDoS attack detection, Hadoop, Distributed Denial of Service attack, DDoS, detection framework

Abstract (Chinese): The Distributed Denial of Service (DDoS) attack is currently one of the most powerful and hardest-to-defend attacks. This paper describes a DDoS detection framework based on Hadoop. The framework uses MapReduce and HDFS to handle the analysis of DDoS attacks. It consists of two main servers: one is used to capture traffic, and the other acts as the detection server, analyzing the traffic and generating detection results. The detection server manages a Hadoop cluster and starts the DDoS-detection MapReduce jobs on the cluster nodes. The framework implements a Counter-Based algorithm to detect the major DDoS flooding attacks. Finally, experiments are carried out to evaluate the detection performance of the framework, and the results show that the framework meets the requirements.

Key words (Chinese): DDoS attack detection, Hadoop, Distributed Denial of Service attack, DDoS, detection framework
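The abstract describes a Counter-Based flooding detector run as a MapReduce job over captured traffic but gives no algorithm details. The following is an added illustration, not the paper's code: a map stage keys each packet by (destination, time window), a reduce stage counts packets and distinct sources per key, and a group is flagged as flooded when both counts exceed thresholds. The window length, thresholds, packet tuple layout and the traffic trace are all constructed assumptions.

```python
from collections import defaultdict

WINDOW_SECS = 10     # assumed length of one detection window (seconds)
PKT_THRESHOLD = 50   # assumed packets-per-window threshold for one destination
SRC_THRESHOLD = 20   # assumed distinct-source threshold (many sources = flood pattern)


def map_packet(pkt):
    """Map stage: packet (timestamp, src_ip, dst_ip) -> ((dst_ip, window), src_ip)."""
    ts, src, dst = pkt
    return ((dst, ts // WINDOW_SECS), src)


def shuffle(mapped):
    """Shuffle stage: group emitted source addresses by (destination, window) key."""
    groups = defaultdict(list)
    for key, src in mapped:
        groups[key].append(src)
    return groups


def reduce_counts(key, sources):
    """Reduce stage: Counter-Based check on one (destination, window) group."""
    total = len(sources)            # packets aimed at this destination in the window
    distinct = len(set(sources))    # how many different sources sent them
    flooded = total >= PKT_THRESHOLD and distinct >= SRC_THRESHOLD
    return {"dst": key[0], "window": key[1], "packets": total,
            "sources": distinct, "flooded": flooded}


def detect(packets):
    """Run the whole map -> shuffle -> reduce pipeline and return per-group verdicts."""
    mapped = [map_packet(p) for p in packets]
    return [reduce_counts(k, v) for k, v in sorted(shuffle(mapped).items())]


def constructed_trace():
    """Constructed traffic: light chatter to 10.0.0.1 plus a 60-source flood on 10.0.0.2."""
    pkts = [(i, f"192.168.1.{i % 5}", "10.0.0.1") for i in range(20)]
    pkts += [(i % 10, f"203.0.113.{i % 60}", "10.0.0.2") for i in range(120)]
    return pkts


if __name__ == "__main__":
    for verdict in detect(constructed_trace()):
        print(verdict)
```

In a real deployment each stage would be a Hadoop mapper or reducer reading packet records from HDFS; the thresholds here are placeholders, not values from the paper.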