DDoSAttacksDetectionusingMachineLearningAlgorithmsQianLiCommunicationUniversityofChinaBeijing,Chinaliqian0716@cuc.
edu.
cnLinhaiMengCommunicationUniversityofChinaBeijing,Chinaxmenglinhai@outlook.
comJinyaoYanCommunicationUniversityofChinaBeijing,Chinajyan@cuc.
edu.
cnYuanZhangCommunicationUniversityofChinaBeijing,Chinayuanzhang@cuc.
edu.
cnABSTRACTAdistributeddenial-of-service(DDoS)attackisamaliciousattempttodisruptnormaltrafficofatargetedserver,serviceornetworkbyoverwhelmingthetargetoritssurroundinginfrastructurewithafloodofInternettraffic.
Ithascausedgreatharmtothesecurityofthenetworkenvironment.
ThispaperdevelopsanovelframeworkcalledPCA-RNN(PrincipalComponentAnalysis-RecurrentNeuralNetwork)toidentifyDDoSattacks.
Inordertocomprehensivelyunderstandthenetworktraffic,weselectmostnetworkcharacteristicstodescribethetraffic.
WefurtherusethePCAalgorithmtoreducethedimensionsofthefeaturesinordertoreducethetimecomplexityofdetection.
ByapplyingPCA,thepredictiontimecanbesignificantlyreducedwhilemostoftheoriginalinformationcanstillbecontained.
DataafterdimensionsreductionisfedintoRNNtotrainandgetdetectionmodel.
Evaluationresultshowsthatfortherealdataset,PCA-RNNcanachievesignificantperformanceimprovementintermsofaccuracy,sensitivity,precision,andF-scorecomparedtotheseveralexistingDDoSattacksdetectionmethods.
CCSCONCEPTSSecurityandprivacyNetworksecurityDenial-of-serviceattacksKEYWORDSDDoSattacks,RNN,PCA,trafficfeatures1MotivationsDDoSattackisdistributedinthewaythattheattackerisusingmultiplecomputerstolaunchthedenialofserviceattack.
AnewstudythattriestomeasurethedirectcostofthatoneDDoSattackforIoT(InternetofThings)deviceuserswhosemachinesweresweptupintheassaultfoundthatitmayhavecostdeviceownersatotalof$323,973.
75inexcesspowerandaddedbandwidthconsumption[1].
Itisurgenttodomorein-depthresearchonDDoSattacks,andDDoSattacksdetectionasaveryimportantparthasbecomeahottopicoftheresearcharea.
Currently,thereexistmanystatisticalDDoSdetectionmethods,suchasnetworktrafficstatisticsfeaturesbaseddetection,sourceIPanddestinationIPaddresses-baseddetection,portentropyvalues-baseddetection,andwavelet-basedanalysis[2,3],anddestinationentropy[4],etc.
However,withthedevelopmentofInternettechnology,theDDoSattackmodelischangingfasterandfaster.
Constructionofanewstatisticalmodelrequiresalotoftimetobuild,sothatitdoesnotadaptwelltotherapidlychangingnetworkenvironment.
Thestatisticalmodelhasasingleapplicationscenarioandalotofcomplexityofbuildingorupgradingthemodel.
Inordertosolvetheaboveproblems,thewayofDDoSattacksdetectionthroughmachinelearningalgorithmshasgraduallybecomethefocusofresearch.
Themachinelearningalgorithmcanfindouttheabnormalinformationbehindthemassivedata,whichiswidelylovedbyresearchers.
Theadvantageofthemachinelearningdetectionmodelisthatnewdatacanquicklyupdatethedetectionmodel.
Therearestillsomedeficiencies.
Duetothehighcomputationalcomplexityofmachinelearningalgorithms,itrequireslongerpredictiontime.
ThemachinelearningalgorithmsusedtodetectDDoSattacksdonotconsiderthetimecorrelationoftrafficdata.
Motivatedbythesechallenges,thispaperpresentsPrincipalComponentAnalysis-RecurrentNeuralNetwork(PCA-RNN)toidentifyDDoSattacks.
Wefirstextractallrelevantfeaturestoensureouralgorithmcancoveralltheattacktypes,whichimprovessingleapplicationscenarioproblem.
Thefeaturesincludesfouraspects,namely,floodfeature,slowattackfeature,flowtimefeatureandwebattackfeature.
Duetothelargenumberoffeaturesselectedinthefirststep,thecomputationalcomplexityofthedetectionalgorithmislargelyincreased.
Wehandlethisproblembyreducingthedimensionofinputfeatures.
WeusePCAasourdimension-reductionmethod,whichisanefficientandflexiblelineardimension-reductionmethod.
Finally,sincenetworktraffichasshorttimecorrelation,itisbeneficialifthedetectionalgorithmcouldincorporatetheshorttimefeaturesoftheinputdata.
Inthisway,weselectRNNalgorithmwhichhasshort-termmemoryandistimelyefficientasourtrainingmodule.
2MethodWedescribethedesigndetailsinthissection.
WefirstselectallrelevantfeaturestoensurethattheneuralnetworkcanthoroughlylearntheDDoSattacksinformation.
Toreducethetimecomplexity,weusePCAtoreducethefeaturevectordimensionsandsimplifytheneuralnetworkmodel.
ComparedwithLinearDiscriminantAnalysis(LDA)andotherlineardimensionalityreductionmethods,PCAismoreflexibletoselecttheoutputdimensionaccordingtoactualrequirements,sowechosePCAasthedimensionreductionmethod.
Finally,weconstructafront-to-backcorrelationofnetworkbyRNNalgorithmsothatDDoSdetectioncanbeperformedfrommultipleperspectives.
ThearchitectureoftheproposedframeworkisillustratedinFigure1.
APNet2018,August2-32018,Beijing,ChinaQianLietal.
Figure1:PCA-RNNModel3PreliminaryResultsWeevaluateouralgorithmandcomparewithseveralexistingdetectionalgorithmusingKDDdataset[5].
TheKDDdatasetisa9weeknetworkconnectiondatacollectedfromasimulatedUnitedStatesAirForceLAN,dividedintoidentifiedtrainingdataandnotidentifiedtestdata.
Thetestdataandthetrainingdatahaveadifferentprobabilitydistribution,andthetestdatacontainssometypesofattackthatdonotappearinthetrainingdata,whichmakestheintrusiondetectionmorerealistic.
Figure2:Performancemetrics.
Figure3:PredictiontimeofPCA-RNNcomparedwithexistingmethods.
AscanbeseeninFigure2andFigure3,thepredictiontimeofPCA-RNNcanbesignificantlydecreasedcomparingtheRNNalgorithmswithsimilaraccuracyrateandF1value.
TheaccuracyandF1ofPCA-BP,BPandPCA-LSTMalgorithmsarelowerthanPCA-RNN.
PCA-SVMpredictiontakes83.
3326sandtakestoolongtodraweasily.
WecanalsoseefromFigure3,PCA-RNNneedstheminimumpredictiontimeabovetheaccuracyof98.
7%.
Figure4.
DetectionaccuracyofPCA-RNNcomparedwithexistingmethods.
WealsocompareourPCA-RNNwithseveralexistingstatisticalalgorithms.
AscanbeseeninFigure4,statisticaldetectionalgorithmscanonlyperformwelloncertaintypesofattacks,whileourPCA-RNNalgorithmshowsgooddetectionaccuracyonalltestingscenarios.
4ConclusionandFutureWorkThispaperpresentsanovelmachinelearningbasedDDoSdetectionmethodwithbothaccuracyandefficiency.
Inthefuturework,wewilltestthealgorithmthroughmorerealdatasetandtrytostudytheinherentcharacteristicsundertheselectedfeatures.
REFERENCES[1]Study:AttackonKrebsOnSecurityCostIoTDeviceOwners$323K,Available:https://krebsonsecurity.
com/2018/05/study-attack-on-krebsonsecurity-cost-iot-device-owners-323k/[2]Tao,Y.
,&Yu,S.
(2013).
DDoSAttackDetectionatLocalAreaNetworksUsingInformationTheoreticalMetrics.
IEEEInternationalConferenceonTrust,SecurityandPrivacyinComputingandCommunications(Vol.
8,pp.
233-240).
IEEE.
[3]Dong,P.
,Du,X.
,Zhang,H.
,&Xu,T.
(2016).
AdetectionmethodforanovelDDoSattackagainstSDNcontrollersbyvastnewlow-trafficflows.
IEEEInternationalConferenceonCommunications(pp.
1-6).
IEEE.
[4]Mousavi,S.
M.
,&Sthilaire,M.
(2015).
EarlydetectionofDDoSattacksagainstSDNcontrollers.
InternationalConferenceonComputing,NETWORKINGandCommunications(Vol.
17,pp.
77-81).
IEEEComputerSociety.
[5]KDDCupData,http://kdd.
ics.
uci.
edu/databases/kddcup99/kddcup99.
html.
搬瓦工vps(bandwagonhost)现在面向中国大陆有3条顶级线路:美国 cn2 gia,香港 cn2 gia,日本软银(softbank)。详细带宽是:美国cn2 gia、日本软银,都是2.5Gbps~10Gbps带宽,香港 cn2 gia为1Gbps带宽,搬瓦工是目前为止,全球所有提供这三种带宽的VPS(云服务器)商家里面带宽最大的,成本最高的,没有第二家了! 官方网站:https...
10gbiz发布了9月优惠方案,针对VPS、独立服务器、站群服务器、高防服务器等均提供了一系列优惠方面,其中香港/洛杉矶CN2 GIA线路VPS主机4折优惠继续,优惠后最低每月仅2.36美元起;日本/香港独立服务器提供特价款首月1.5折27.43美元起;站群/G口服务器首月半价,高防服务器永久8.5折等。这是一家成立于2020年的主机商,提供包括独立服务器租用和VPS主机等产品,数据中心包括美国洛...
百驰云成立于2017年,是一家新国人IDC商家,且正规持证IDC/ISP/CDN,商家主要提供数据中心基础服务、互联网业务解决方案,及专属服务器租用、云服务器、云虚拟主机、专属服务器托管、带宽租用等产品和服务。百驰云提供源自大陆、香港、韩国和美国等地骨干级机房优质资源,包括BGP国际多线网络,CN2点对点直连带宽以及国际顶尖品牌硬件。专注为个人开发者用户,中小型,大型企业用户提供一站式核心网络云端...
ddos为你推荐
已备案域名查询怎样知道一个网站是不是真的已经备案?英文域名中文域名与英文域名有什么区别,中文域名为什么贵?在搜索时哪个更有优势网站域名网站域名是什么网站空间域名网站、域名空间三者的关系台湾vps台湾服务器 哪里稳定速度快?网站空间商网站空间商怎么查询香港虚拟主机香港虚拟主机多少钱一年呢?山东虚拟主机能否在虚拟机与主机之间建立局域网,让主机与虚拟机同时上网?论坛虚拟主机最适合做论坛的虚拟主机是什么?域名邮箱如何注册域名邮箱
主机测评网 stablehost arvixe 68.168.16.150 美国php空间 好看的桌面背景图片 免费静态空间 合肥鹏博士 个人免费空间 新天域互联 hkg idc是什么 新家坡 泉州电信 百度云1t 福建铁通 昆明蜗牛家 网购分享 starry 数据库空间 更多