DDoS Attacks Detection and Traceback Method Based on Flow Entropy Algorithm and MPLS Principle

Distributed Denial of Service (DDoS) attacks on cloud computing platforms have become one of the key issues affecting cloud security. Single packet traceback technology against DDoS attacks has become the focus of research in the field of cloud security. Currently, single packet traceback technologies generally have problems of high cost and low accuracy. In this paper, an early warning mechanism is set up, the broadcast algorithm is improved, to avoid detecting the router is flooded with a large amount of redundant broadcast message, and the flow entropy is used to recognize the attack flow. A traceback method for the switching path generation theory based on MPLS (Multi-Protocol Label Switching) that establishing traceback marks on the traceable routers and reconstructing the DDoS attacks paths is proposed. This paper uses network probe to parallelize the establishment of traceback tables and estimate the load of traceback devices and so on to improve the processing speed and traceback accuracy of traceback routers. The simulation results show that the flow entropy method can recognize DDoS attacks when the strength of attack flow is nearly 2 times normal flow, and the probability of traceback can be reduced to 6%. After the establishment of traceback paths, the forwarding rate and traceback rate of IP packets are improved, the traceback accuracy than other methods to improve 30%, suitable for cloud computing large scale and high flow environment.