Research on DDoS Attacks Detection and Related Network Security Visualization Techniques

Author: LvLiangFu
Tutor: HeZuoLian
School: Tianjin University
Course: Applied Computer Technology
Keywords: network security; information visualization; DDoS attack; wavelet analysis; port scan
CLC: TP393.08
Type: PhD thesis
Year: 2008
Downloads: 731
Quotes: 2
Network security visualization has become a hot research field in recent years. Unlike the traditional methods of analyzing log data, visualization technology can greatly change the research methods of network security. It can not only deal with large volumes of data effectively, but also help network administrators detect anomalies by analyzing patterns in the graphs, and it can even discover new types of attacks and forecast the trend of events.

Though some researchers have proposed solving for the self-similarity parameter of network traffic by wavelet analysis, the resulting value is imprecise. The volume of training data used in solving for the self-similarity parameter is very large. This makes the whole process very slow, and the method cannot detect weak DDoS attacks in time. Therefore an improved DDoS detection algorithm based on wavelet analysis is proposed in this paper. Principal component analysis is first used to reduce the dimension of the network data, and the resulting low-dimensional data is used to solve for the self-similarity parameter. An improved principal component analysis algorithm for dimension reduction of large amounts of data is also proposed in this paper. The algorithm greatly increases the speed of detection. The numerical and graphic results show that the new algorithms are very effective.

Following the information visualization process, the data sources, visual structures and interactive functions of visualization techniques, especially those for DDoS detection, are studied in this paper. The advantages and disadvantages of existing network security visualization techniques for DDoS detection are also analyzed. The early characteristics of DDoS attacks are studied and a novel visualization technique for DDoS detection named DDoSviewer is proposed in the paper. The new visualization technique covers the extraction and analysis of network data and the calculation and display of the graphic elements' attributes. The results show that the new system can detect DDoS attacks effectively.

Time is always used as the most important parameter in current network security visualization techniques for port scans. This makes slow scans, dynamic or random scans, concealed scans and spoofed scans hard to detect, and the detection results for related security anomalies such as DDoS, worms and Trojans are poor as well. Therefore, a novel network security visualization method for slow scans, concealed scans and similar cases is proposed in this paper. Through analysis of the network data packets and information visualization techniques, a new visual system for port scan detection named ScanViewer is designed in the paper. Many interactive functions are developed in the new system as well. The results show that attack patterns can easily be found in large amounts of fuzzy data, and that slow scans, distributed scans and various types of TCP concealed scans can be effectively detected with ScanViewer.

