DDoSAttacksDetectionusingMachineLearningAlgorithmsQianLiCommunicationUniversityofChinaBeijing,Chinaliqian0716@cuc.
edu.
cnLinhaiMengCommunicationUniversityofChinaBeijing,Chinaxmenglinhai@outlook.
comJinyaoYanCommunicationUniversityofChinaBeijing,Chinajyan@cuc.
edu.
cnYuanZhangCommunicationUniversityofChinaBeijing,Chinayuanzhang@cuc.
edu.
cnABSTRACTAdistributeddenial-of-service(DDoS)attackisamaliciousattempttodisruptnormaltrafficofatargetedserver,serviceornetworkbyoverwhelmingthetargetoritssurroundinginfrastructurewithafloodofInternettraffic.
Ithascausedgreatharmtothesecurityofthenetworkenvironment.
ThispaperdevelopsanovelframeworkcalledPCA-RNN(PrincipalComponentAnalysis-RecurrentNeuralNetwork)toidentifyDDoSattacks.
Inordertocomprehensivelyunderstandthenetworktraffic,weselectmostnetworkcharacteristicstodescribethetraffic.
WefurtherusethePCAalgorithmtoreducethedimensionsofthefeaturesinordertoreducethetimecomplexityofdetection.
ByapplyingPCA,thepredictiontimecanbesignificantlyreducedwhilemostoftheoriginalinformationcanstillbecontained.
DataafterdimensionsreductionisfedintoRNNtotrainandgetdetectionmodel.
Evaluationresultshowsthatfortherealdataset,PCA-RNNcanachievesignificantperformanceimprovementintermsofaccuracy,sensitivity,precision,andF-scorecomparedtotheseveralexistingDDoSattacksdetectionmethods.
CCSCONCEPTSSecurityandprivacyNetworksecurityDenial-of-serviceattacksKEYWORDSDDoSattacks,RNN,PCA,trafficfeatures1MotivationsDDoSattackisdistributedinthewaythattheattackerisusingmultiplecomputerstolaunchthedenialofserviceattack.
AnewstudythattriestomeasurethedirectcostofthatoneDDoSattackforIoT(InternetofThings)deviceuserswhosemachinesweresweptupintheassaultfoundthatitmayhavecostdeviceownersatotalof$323,973.
75inexcesspowerandaddedbandwidthconsumption[1].
Itisurgenttodomorein-depthresearchonDDoSattacks,andDDoSattacksdetectionasaveryimportantparthasbecomeahottopicoftheresearcharea.
Currently,thereexistmanystatisticalDDoSdetectionmethods,suchasnetworktrafficstatisticsfeaturesbaseddetection,sourceIPanddestinationIPaddresses-baseddetection,portentropyvalues-baseddetection,andwavelet-basedanalysis[2,3],anddestinationentropy[4],etc.
However,withthedevelopmentofInternettechnology,theDDoSattackmodelischangingfasterandfaster.
Constructionofanewstatisticalmodelrequiresalotoftimetobuild,sothatitdoesnotadaptwelltotherapidlychangingnetworkenvironment.
Thestatisticalmodelhasasingleapplicationscenarioandalotofcomplexityofbuildingorupgradingthemodel.
Inordertosolvetheaboveproblems,thewayofDDoSattacksdetectionthroughmachinelearningalgorithmshasgraduallybecomethefocusofresearch.
Themachinelearningalgorithmcanfindouttheabnormalinformationbehindthemassivedata,whichiswidelylovedbyresearchers.
Theadvantageofthemachinelearningdetectionmodelisthatnewdatacanquicklyupdatethedetectionmodel.
Therearestillsomedeficiencies.
Duetothehighcomputationalcomplexityofmachinelearningalgorithms,itrequireslongerpredictiontime.
ThemachinelearningalgorithmsusedtodetectDDoSattacksdonotconsiderthetimecorrelationoftrafficdata.
Motivatedbythesechallenges,thispaperpresentsPrincipalComponentAnalysis-RecurrentNeuralNetwork(PCA-RNN)toidentifyDDoSattacks.
Wefirstextractallrelevantfeaturestoensureouralgorithmcancoveralltheattacktypes,whichimprovessingleapplicationscenarioproblem.
Thefeaturesincludesfouraspects,namely,floodfeature,slowattackfeature,flowtimefeatureandwebattackfeature.
Duetothelargenumberoffeaturesselectedinthefirststep,thecomputationalcomplexityofthedetectionalgorithmislargelyincreased.
Wehandlethisproblembyreducingthedimensionofinputfeatures.
WeusePCAasourdimension-reductionmethod,whichisanefficientandflexiblelineardimension-reductionmethod.
Finally,sincenetworktraffichasshorttimecorrelation,itisbeneficialifthedetectionalgorithmcouldincorporatetheshorttimefeaturesoftheinputdata.
Inthisway,weselectRNNalgorithmwhichhasshort-termmemoryandistimelyefficientasourtrainingmodule.
2MethodWedescribethedesigndetailsinthissection.
WefirstselectallrelevantfeaturestoensurethattheneuralnetworkcanthoroughlylearntheDDoSattacksinformation.
Toreducethetimecomplexity,weusePCAtoreducethefeaturevectordimensionsandsimplifytheneuralnetworkmodel.
ComparedwithLinearDiscriminantAnalysis(LDA)andotherlineardimensionalityreductionmethods,PCAismoreflexibletoselecttheoutputdimensionaccordingtoactualrequirements,sowechosePCAasthedimensionreductionmethod.
Finally,weconstructafront-to-backcorrelationofnetworkbyRNNalgorithmsothatDDoSdetectioncanbeperformedfrommultipleperspectives.
ThearchitectureoftheproposedframeworkisillustratedinFigure1.
APNet2018,August2-32018,Beijing,ChinaQianLietal.
Figure1:PCA-RNNModel3PreliminaryResultsWeevaluateouralgorithmandcomparewithseveralexistingdetectionalgorithmusingKDDdataset[5].
TheKDDdatasetisa9weeknetworkconnectiondatacollectedfromasimulatedUnitedStatesAirForceLAN,dividedintoidentifiedtrainingdataandnotidentifiedtestdata.
Thetestdataandthetrainingdatahaveadifferentprobabilitydistribution,andthetestdatacontainssometypesofattackthatdonotappearinthetrainingdata,whichmakestheintrusiondetectionmorerealistic.
Figure2:Performancemetrics.
Figure3:PredictiontimeofPCA-RNNcomparedwithexistingmethods.
AscanbeseeninFigure2andFigure3,thepredictiontimeofPCA-RNNcanbesignificantlydecreasedcomparingtheRNNalgorithmswithsimilaraccuracyrateandF1value.
TheaccuracyandF1ofPCA-BP,BPandPCA-LSTMalgorithmsarelowerthanPCA-RNN.
PCA-SVMpredictiontakes83.
3326sandtakestoolongtodraweasily.
WecanalsoseefromFigure3,PCA-RNNneedstheminimumpredictiontimeabovetheaccuracyof98.
7%.
Figure4.
DetectionaccuracyofPCA-RNNcomparedwithexistingmethods.
WealsocompareourPCA-RNNwithseveralexistingstatisticalalgorithms.
AscanbeseeninFigure4,statisticaldetectionalgorithmscanonlyperformwelloncertaintypesofattacks,whileourPCA-RNNalgorithmshowsgooddetectionaccuracyonalltestingscenarios.
4ConclusionandFutureWorkThispaperpresentsanovelmachinelearningbasedDDoSdetectionmethodwithbothaccuracyandefficiency.
Inthefuturework,wewilltestthealgorithmthroughmorerealdatasetandtrytostudytheinherentcharacteristicsundertheselectedfeatures.
REFERENCES[1]Study:AttackonKrebsOnSecurityCostIoTDeviceOwners$323K,Available:https://krebsonsecurity.
com/2018/05/study-attack-on-krebsonsecurity-cost-iot-device-owners-323k/[2]Tao,Y.
,&Yu,S.
(2013).
DDoSAttackDetectionatLocalAreaNetworksUsingInformationTheoreticalMetrics.
IEEEInternationalConferenceonTrust,SecurityandPrivacyinComputingandCommunications(Vol.
8,pp.
233-240).
IEEE.
[3]Dong,P.
,Du,X.
,Zhang,H.
,&Xu,T.
(2016).
AdetectionmethodforanovelDDoSattackagainstSDNcontrollersbyvastnewlow-trafficflows.
IEEEInternationalConferenceonCommunications(pp.
1-6).
IEEE.
[4]Mousavi,S.
M.
,&Sthilaire,M.
(2015).
EarlydetectionofDDoSattacksagainstSDNcontrollers.
InternationalConferenceonComputing,NETWORKINGandCommunications(Vol.
17,pp.
77-81).
IEEEComputerSociety.
[5]KDDCupData,http://kdd.
ics.
uci.
edu/databases/kddcup99/kddcup99.
html.
近日CloudCone商家对旗下的大硬盘VPS云服务器进行了少量库存补货,也是悄悄推送了一批便宜VPS云服务器产品,此前较受欢迎的特价20美元/年、1核心1G内存1Gbps带宽的VPS云服务器也有少量库存,有需要美国便宜大硬盘VPS云服务器的朋友可以关注一下。CloudCone怎么样?CloudCone服务器好不好?CloudCone值不值得购买?CloudCone是一家成立于2017年的美国服务...
易探云怎么样?易探云是国内一家云计算服务商家,致力香港服务器、国内外服务器租用及托管等互联网业务,目前主要地区为运作香港BGP、香港CN2、广东、北京、深圳等地区。易探云服务器均选择当下热门线路,比如CN2 GIA、BGP线路、CN2线路等,所有云主机支持月付,并且首月优惠,年付优惠,优惠后香港沙田云服务器/独立ip/香港CN2线路,每月仅18元,188元/年。点击进入:易探云官方网站地址1、香港...
数脉科技(shuhost)8月促销:香港独立服务器,自营BGP、CN2+BGP、阿里云线路,新客立减400港币/月,老用户按照优惠码减免!香港服务器带宽可选10Mbps、30Mbps、50Mbps、100Mbps带宽,支持中文本Windows、Linux等系统。数脉香港特价阿里云10MbpsCN2,e3-1230v2,16G内存,1T HDD 或 240G SSD,10Mbps带宽,IPv41个,...
ddos为你推荐
海外主机那些韩国主机,美国主机是怎么来的?域名服务商最好的域名服务商是哪一家ip代理地址代理ip地址是怎么来的?成都虚拟空间五星网络隶属于成都冠一科技有限公司,虚拟空间购买了不到一个月不能访问2次,质量真差啊!天津虚拟主机天津APP开发的比较专业的公司有哪些?虚拟主机mysql我申请的虚拟主机 ,是MYSQL数据库,但是我安装好网页后,需要更改的数据库地址是我默认的还是找卖家咨询?shopex虚拟主机支持shopex网店程序的虚拟主机推荐 要求稳定的 价格2000-300左右 1g的就行www二级域名www是二级域名,w也是二级域名 权重一样高吗?www二级域名请问 www.aaa.bbb.com 是一级域名还是二级域名啊?能否备案?怎么备案?域名网怎样申请域名网站?
短域名 域名服务器上存放着internet主机的 外国服务器 linkcloud isatap idc评测网 国外空间服务商 typecho 上海域名 环聊 免费的asp空间 ledlamp 登陆qq空间 买空间网 云销售系统 hdsky forwarder restart 卡巴斯基免费版下载 卡巴下载 更多