sentimentddos
ddos 时间:2021-01-03 阅读:()
DDoSEventForecastingusingTwitterDataZhongqingWang1,2andYueZhang21SoochowUniversity,China2SingaporeUniversityofTechnologyandDesignDDoSAttacksADistributedDenialofService(DDoS)attackemploysmultiplecompromisedsystemstointerruptorsuspendservicesofahostconnectedtotheInternet[Carletal.
,2006]BusinessImpactofDDoSAttacksAlmosthalf(45%)oftherespondentsindicatedtheirattacksThosehaving500ormoreemployeesaremostlikelytoexperienceaDDoSassaultTheaverageDDoScostcanbeassessedatabout$500,000AdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesProfileofanAttackDDoSassaultscomeinmanyshapesandsizes,soorganizationsmustbepreparedforanythinginordertoprotectthemselvesAdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesDDoSDetectiononCyberSecurityDomainTraditionally,theaimofaDDoSdetectionsystemistodetectmaliciouspackettrafficfromlegitimatetraffic[MirkovicandReiher,2004].
However,malicioustrafficoccursonlyafteraDDoSattackhasbegun,thereislimitedtimetopreventdamage.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackdetectForecastnotDetectThispaperinvestigatesthefeasibilityofforecastingthelikelihoodofDDoSattacksbeforetheyhappenbymonitoringsocialmediastream.
Ideally,ifthelikelihoodofDDoSattackscanbeforecasted,itcanbeusedtoguideconfigurationofaDDoSdetectionanddefensesystemoveracertainperiodoftime.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackforecastAssumptionsofForecastingOurmotivationisthattheattackedtargetsmaybementionedunfavorablyorarousenegativesentimentsinsocialmediatext.
DDoSForecastonTweetStreamOurtaskistopredictwhetheraDDoSeventislikelyoccurinthenextday,giventhetweetstreamoverahistoricalperiodrelatedtothemonitoredtarget.
Todayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiIfnextdaywillhappenattackChallengeofModelingTextStreamInputisatextstreamratherthanadocumentAnidealmodelshouldcapturetweet-levelinformationstream-levelinformationburstinesssentimentoverhistoryTodayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiHowtoorganizethetextstreaminformationNeuralStreamModelsTweetmodelrepresentstext-levelfeaturesbasedonthetweetcontentDistributedWordEmbeddingslearnsrepresentationofeachwordDaymodelcapturesdailytweetrepresentationsStreammodelcapturesinformationoverthedailystreamhistoryTodayyesterday2ndday1stdayTargetidNpdNp-1d1StreamModel……DayModelTweetModelONp-1CNNCNNCNNCNNCNNCNNO1ONpt1t2tNd…t1t2tNd…t1t2…tNd…hDistributedWordEmbeddingsWerepresenteachwordwkwithbothcommonwordembeddingsandexplicitsentimentembeddings.
AtweettjismappedintoamatrixWeusethesentiment-enrichedembedding[Tangetal.
,2014]ofwordsinsentimentlexiconsasasentimentalrepresentationoftweettjTweetModelWeuseaCNNtoconstructthetweetmodel,representingtext-levelfeaturesforindividualtweets.
Theinputisthesequenceofwordsoftweetti,andtheoutputisavectorrepresentationofthetweetw1wN…Day-levelSubModelWetreatallrelevanttweetsinadayasaunit,anduseaCNNtoextractaunifieddailyrepresentationvector.
…StreamModelsWeusestreammodelstocapturetextstreaminformationontopofthedaymodel.
isusetodenotethestreammodeloutput.
Streammodel…hStreamModels(cont.
)AsimplestreammodelcanbeaonelayerLSTMonthedailytweetsequencedirectly.
MoresophisticatedmodelsonthefollowingcanbeexploitedbycapturingricherfeaturesoveratextstreamVanillaStreamModelShort-andLong-TermStreamModelHierarchicalStreamModelVanillaStreamModelAsabaseline,wemodelatweetstreambyusinganLSTMtorecurrentlycapturedailytweethistory.
Formally,givenfromthedaymodel,weobtainacorrespondingsequenceofhiddenstatevectorswhere,DrawbacksofVanillaStreamModelThevanillastreammodeldoesnotexplicitlymodelthedifferencebetweenshortandlongtermhistories,whichcanbeusefulfortwomajorreasons:acontrastbetweenshortandlongtermhistorycanrevealburstinessandtrends.
therelativeimportanceoflongertermhistoryshouldbesmallercomparedtothatofshortertermhistory.
Short-andLong-TermStreamModelToaddressthedrawbacksofvanillastreammodel,wedevelopastreammodelthatcapturesshort-termandlong-termhistoriesseparatelywithdifferentLSTMs.
long-termhistoryshort-termhistoryShort-andLong-TermStreamModel(cont.
)WeeklyLSTMmodelisusedtocaptureshort-termhistory{d7,d6,.
.
.
,d1}.
Thehiddenstatevectorsare:MonthlyLSTMmodelisusedtocapturelong-termhistory{d30,d29,.
.
.
,d1}.
Thehiddenstatevectorsare:Thestatevectorsoftheweeklyandmonthlymodelsareconcatenatedwiththedailystatevectorintoasinglevector:long-termshort-termlastdayHierarchicalStreamModelAdrawbackoftheShort-andLong-TermModelaboveisthatthesizeofutilizinghistoryislimitedto30days.
Weproposeafine-grainedstackedLSTMmodel,arrangingdaily,weekly,andmonthlyhistoryintoahierarchicalstructure,tocaptureinfinitelylonghistorywithoutlosingshortandlongtermdifference.
HierarchicalStreamModel(cont.
)Day-levelisthesameasthevanillasequencemodel,whichmapsthedailytweetrepresentationintoahiddenstatesequenceHierarchicalStreamModel(cont.
)Week-levelisstackedontopoftheday-levelmodel,takingthesequenceofhiddenstatevectorsofevery7days,namelyasinput.
Theweeklyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Month-levelisstackedontopoftheweek-levelmodel,takingthesequenceofhiddenstatevectorsofevery4weeks,asinput.
Themonthlyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Thehierarchicalstatevectorsareconcatenatedintoasinglevector,whichisfedtothepredictionmodel.
PredictionSubModelWeuseasoftmaxclassifiertopredicttheattacklabelybasedonh,wherelabelprobabilitiesarecalculatedas:DataCollectionDDoSEventCollection.
ADDoSeventcanbedefinedasatriplet(e,t,d),wheree,t,ddenoteevent,targetanddate,respectively.
wecollectthesethreetypesofinformationfromddosattacks.
net.
weobtain170gold-standardeventsbasedonasemi-automaticprocess.
Eacheventturnsouttohaveauniquetarget.
ExampleeventtriplesDataCollection(cont.
)EventRelatedTweetsCollection.
Thetargetnamesareusedaskeywordstosearchandcollecttherelatedtweets.
HistorytweetdataarecollectedfromAugust,2015toApril,2016thesamespanforcollectingDDoSnewsevent.
Foreachtarget,wecollectabout200postspermonth,obtaining17760tweetsrelatedtoallthe170targets.
NOTEweonlycollectthosetweetswhichmentionatargetexplicitlyinordertomakesurethatthetweetsarerelatedtothetarget.
ExperimentalSettingsTraining&TestingData.
Weuse80randomtargetsfortraining,60fordevelopment,andtheremaining30fortesting.
Positive&NegativeSamples.
Foreachtarget,thereisexactlyonedayinthedatasetwhenaDDoSattackoccurred,whichisregardedasapositivesample.
theremainingdaysareconsiderednegativesamples.
Metric.
Weusetheareaundertheprecision-recallcurve(AUC)[DavisandGoadrich,2006].
ExperimentonImbalancedDataOurdatasetishighlyimbalanced,withtheratiobetweenpositiveandnegativesamplesbeingverysmall.
Weinvestigatefourtypicalstrategiestoaddresstheissue.
under-sampling-1,usingonesampleofnegativedataforeachpositivedata.
Itoutperformsallotherapproaches.
Itisusedinthefollowingsubsections.
CorrelationbetweenTweetsandDDoSEventsWeuseasetofvanillastreammodelstoverifythecorrelationbetweenhistorytweetsandDDoSevents.
Neg-Term-countmeanscountthenegativewordsfromtweetseachday,forecastinganattackifthenumberofnegativewordsislargerthanathreshold.
SVMisabasicSVMmodelwithbag-of-wordfeatures.
SVM-embuseswordembeddingsvectorsforSVMfeatures.
SVM-emb-sentiusesbothcommonwordembeddingandsentiment-enrichedembeddings.
LSTM-embistheproposedvanillastreammodelusingwordembeddings.
LSTM-sentiisthevanillastreammodelwithsentimentenrichedwordembeddings.
LSTM-emb-sentiisthevanillastreammodelwithbothcommonwordembeddingandsentiment-enrichedembeddings.
CorrelationbetweenTweetsandDDoSEvents(cont.
)IstextusefulforDDoSforecastingalltext-basedmodelsoutperformtherandombaselinesignificantly,whichdemonstratesthattextfromsocialmediaisindeedinformativeforDDoSforecast.
UsefulfactorssentimentinformationhighlyusefulforDDoSeventforecasting.
LSTMcanleveragenon-localsemanticinformationforsentencerepresentationbeyondsentimentsignals.
InfluenceofDateRangeIfthedaterangeistoosmall,thestreammodelcannotcapturesufficienthistoricalinformationforprediction.
However,averylargehistorydaterangemaycontainnoiseandirrelevantinformation.
Thissuggeststheusefulnessofcombiningdifferenthistorygranularities.
InfluenceofStreamModelsWecomparethedifferentstreammodels.
LSTMVSisthevanillastreammodelLSTMSListheLSTMbasedstreammodelwithshortandlongtermhistoryLSTMHSisthehierarchicalLSTMstreammodelFinalResultsThefinalresultsonthetestdatasetareonthefollowing:Thankswangzq.
antony@gmail.
com,yue_zhang@sutd.
edu.
sg
,2006]BusinessImpactofDDoSAttacksAlmosthalf(45%)oftherespondentsindicatedtheirattacksThosehaving500ormoreemployeesaremostlikelytoexperienceaDDoSassaultTheaverageDDoScostcanbeassessedatabout$500,000AdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesProfileofanAttackDDoSassaultscomeinmanyshapesandsizes,soorganizationsmustbepreparedforanythinginordertoprotectthemselvesAdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesDDoSDetectiononCyberSecurityDomainTraditionally,theaimofaDDoSdetectionsystemistodetectmaliciouspackettrafficfromlegitimatetraffic[MirkovicandReiher,2004].
However,malicioustrafficoccursonlyafteraDDoSattackhasbegun,thereislimitedtimetopreventdamage.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackdetectForecastnotDetectThispaperinvestigatesthefeasibilityofforecastingthelikelihoodofDDoSattacksbeforetheyhappenbymonitoringsocialmediastream.
Ideally,ifthelikelihoodofDDoSattackscanbeforecasted,itcanbeusedtoguideconfigurationofaDDoSdetectionanddefensesystemoveracertainperiodoftime.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackforecastAssumptionsofForecastingOurmotivationisthattheattackedtargetsmaybementionedunfavorablyorarousenegativesentimentsinsocialmediatext.
DDoSForecastonTweetStreamOurtaskistopredictwhetheraDDoSeventislikelyoccurinthenextday,giventhetweetstreamoverahistoricalperiodrelatedtothemonitoredtarget.
Todayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiIfnextdaywillhappenattackChallengeofModelingTextStreamInputisatextstreamratherthanadocumentAnidealmodelshouldcapturetweet-levelinformationstream-levelinformationburstinesssentimentoverhistoryTodayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiHowtoorganizethetextstreaminformationNeuralStreamModelsTweetmodelrepresentstext-levelfeaturesbasedonthetweetcontentDistributedWordEmbeddingslearnsrepresentationofeachwordDaymodelcapturesdailytweetrepresentationsStreammodelcapturesinformationoverthedailystreamhistoryTodayyesterday2ndday1stdayTargetidNpdNp-1d1StreamModel……DayModelTweetModelONp-1CNNCNNCNNCNNCNNCNNO1ONpt1t2tNd…t1t2tNd…t1t2…tNd…hDistributedWordEmbeddingsWerepresenteachwordwkwithbothcommonwordembeddingsandexplicitsentimentembeddings.
AtweettjismappedintoamatrixWeusethesentiment-enrichedembedding[Tangetal.
,2014]ofwordsinsentimentlexiconsasasentimentalrepresentationoftweettjTweetModelWeuseaCNNtoconstructthetweetmodel,representingtext-levelfeaturesforindividualtweets.
Theinputisthesequenceofwordsoftweetti,andtheoutputisavectorrepresentationofthetweetw1wN…Day-levelSubModelWetreatallrelevanttweetsinadayasaunit,anduseaCNNtoextractaunifieddailyrepresentationvector.
…StreamModelsWeusestreammodelstocapturetextstreaminformationontopofthedaymodel.
isusetodenotethestreammodeloutput.
Streammodel…hStreamModels(cont.
)AsimplestreammodelcanbeaonelayerLSTMonthedailytweetsequencedirectly.
MoresophisticatedmodelsonthefollowingcanbeexploitedbycapturingricherfeaturesoveratextstreamVanillaStreamModelShort-andLong-TermStreamModelHierarchicalStreamModelVanillaStreamModelAsabaseline,wemodelatweetstreambyusinganLSTMtorecurrentlycapturedailytweethistory.
Formally,givenfromthedaymodel,weobtainacorrespondingsequenceofhiddenstatevectorswhere,DrawbacksofVanillaStreamModelThevanillastreammodeldoesnotexplicitlymodelthedifferencebetweenshortandlongtermhistories,whichcanbeusefulfortwomajorreasons:acontrastbetweenshortandlongtermhistorycanrevealburstinessandtrends.
therelativeimportanceoflongertermhistoryshouldbesmallercomparedtothatofshortertermhistory.
Short-andLong-TermStreamModelToaddressthedrawbacksofvanillastreammodel,wedevelopastreammodelthatcapturesshort-termandlong-termhistoriesseparatelywithdifferentLSTMs.
long-termhistoryshort-termhistoryShort-andLong-TermStreamModel(cont.
)WeeklyLSTMmodelisusedtocaptureshort-termhistory{d7,d6,.
.
.
,d1}.
Thehiddenstatevectorsare:MonthlyLSTMmodelisusedtocapturelong-termhistory{d30,d29,.
.
.
,d1}.
Thehiddenstatevectorsare:Thestatevectorsoftheweeklyandmonthlymodelsareconcatenatedwiththedailystatevectorintoasinglevector:long-termshort-termlastdayHierarchicalStreamModelAdrawbackoftheShort-andLong-TermModelaboveisthatthesizeofutilizinghistoryislimitedto30days.
Weproposeafine-grainedstackedLSTMmodel,arrangingdaily,weekly,andmonthlyhistoryintoahierarchicalstructure,tocaptureinfinitelylonghistorywithoutlosingshortandlongtermdifference.
HierarchicalStreamModel(cont.
)Day-levelisthesameasthevanillasequencemodel,whichmapsthedailytweetrepresentationintoahiddenstatesequenceHierarchicalStreamModel(cont.
)Week-levelisstackedontopoftheday-levelmodel,takingthesequenceofhiddenstatevectorsofevery7days,namelyasinput.
Theweeklyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Month-levelisstackedontopoftheweek-levelmodel,takingthesequenceofhiddenstatevectorsofevery4weeks,asinput.
Themonthlyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Thehierarchicalstatevectorsareconcatenatedintoasinglevector,whichisfedtothepredictionmodel.
PredictionSubModelWeuseasoftmaxclassifiertopredicttheattacklabelybasedonh,wherelabelprobabilitiesarecalculatedas:DataCollectionDDoSEventCollection.
ADDoSeventcanbedefinedasatriplet(e,t,d),wheree,t,ddenoteevent,targetanddate,respectively.
wecollectthesethreetypesofinformationfromddosattacks.
net.
weobtain170gold-standardeventsbasedonasemi-automaticprocess.
Eacheventturnsouttohaveauniquetarget.
ExampleeventtriplesDataCollection(cont.
)EventRelatedTweetsCollection.
Thetargetnamesareusedaskeywordstosearchandcollecttherelatedtweets.
HistorytweetdataarecollectedfromAugust,2015toApril,2016thesamespanforcollectingDDoSnewsevent.
Foreachtarget,wecollectabout200postspermonth,obtaining17760tweetsrelatedtoallthe170targets.
NOTEweonlycollectthosetweetswhichmentionatargetexplicitlyinordertomakesurethatthetweetsarerelatedtothetarget.
ExperimentalSettingsTraining&TestingData.
Weuse80randomtargetsfortraining,60fordevelopment,andtheremaining30fortesting.
Positive&NegativeSamples.
Foreachtarget,thereisexactlyonedayinthedatasetwhenaDDoSattackoccurred,whichisregardedasapositivesample.
theremainingdaysareconsiderednegativesamples.
Metric.
Weusetheareaundertheprecision-recallcurve(AUC)[DavisandGoadrich,2006].
ExperimentonImbalancedDataOurdatasetishighlyimbalanced,withtheratiobetweenpositiveandnegativesamplesbeingverysmall.
Weinvestigatefourtypicalstrategiestoaddresstheissue.
under-sampling-1,usingonesampleofnegativedataforeachpositivedata.
Itoutperformsallotherapproaches.
Itisusedinthefollowingsubsections.
CorrelationbetweenTweetsandDDoSEventsWeuseasetofvanillastreammodelstoverifythecorrelationbetweenhistorytweetsandDDoSevents.
Neg-Term-countmeanscountthenegativewordsfromtweetseachday,forecastinganattackifthenumberofnegativewordsislargerthanathreshold.
SVMisabasicSVMmodelwithbag-of-wordfeatures.
SVM-embuseswordembeddingsvectorsforSVMfeatures.
SVM-emb-sentiusesbothcommonwordembeddingandsentiment-enrichedembeddings.
LSTM-embistheproposedvanillastreammodelusingwordembeddings.
LSTM-sentiisthevanillastreammodelwithsentimentenrichedwordembeddings.
LSTM-emb-sentiisthevanillastreammodelwithbothcommonwordembeddingandsentiment-enrichedembeddings.
CorrelationbetweenTweetsandDDoSEvents(cont.
)IstextusefulforDDoSforecastingalltext-basedmodelsoutperformtherandombaselinesignificantly,whichdemonstratesthattextfromsocialmediaisindeedinformativeforDDoSforecast.
UsefulfactorssentimentinformationhighlyusefulforDDoSeventforecasting.
LSTMcanleveragenon-localsemanticinformationforsentencerepresentationbeyondsentimentsignals.
InfluenceofDateRangeIfthedaterangeistoosmall,thestreammodelcannotcapturesufficienthistoricalinformationforprediction.
However,averylargehistorydaterangemaycontainnoiseandirrelevantinformation.
Thissuggeststheusefulnessofcombiningdifferenthistorygranularities.
InfluenceofStreamModelsWecomparethedifferentstreammodels.
LSTMVSisthevanillastreammodelLSTMSListheLSTMbasedstreammodelwithshortandlongtermhistoryLSTMHSisthehierarchicalLSTMstreammodelFinalResultsThefinalresultsonthetestdatasetareonthefollowing:Thankswangzq.
antony@gmail.
com,yue_zhang@sutd.
edu.
sg
- sentimentddos相关文档
- 报告ddos
- 报告初稿完成时间:2016
- 爬虫ddos
- 攻击ddos
- Configurationddos
- deviceddos
ATCLOUD-KVM架构的VPS产品$4.5,杜绝DDoS攻击
ATCLOUD.NET怎么样?ATCLOUD.NET主要提供KVM架构的VPS产品、LXC容器化产品、权威DNS智能解析、域名注册、SSL证书等海外网站建设服务。 其大部分数据中心是由OVH机房提供,其节点包括美国(俄勒冈、弗吉尼亚)、加拿大、英国、法国、德国以及新加坡。 提供超过480Gbps的DDoS高防保护,杜绝DDoS攻击骚扰,比较适合海外建站等业务。官方网站:点击访问ATCLOUD官网活...
ShineServers(5美元/月)荷兰VPS、阿联酋VPS首月五折/1核1G/50GB硬盘/3TB流量/1Gbps带宽
优惠码50SSDOFF 首月5折50WHTSSD 年付5折15OFF 85折优惠,可循环使用荷兰VPSCPU内存SSD带宽IPv4价格购买1核1G50G1Gbps/3TB1个$ 9.10/月链接2核2G80G1Gbps/5TB1个$ 12.70/月链接2核3G100G1Gbps/7TB1个$ 16.30/月链接3核4G150G1Gbps/10TB1个$ 18.10/月链接阿联酋VPSCPU内存SS...
创梦网络-新上雅安电信200G防护值内死扛,无视CC攻击,E5 32核高配/32G内存/1TB SSD/100Mbps独享物理机,原价1299,年未上新促销6折,仅779.4/月,续费同价
创梦网络怎么样,创梦网络公司位于四川省达州市,属于四川本地企业,资质齐全,IDC/ISP均有,从创梦网络这边租的服务器均可以****,属于一手资源,高防机柜、大带宽、高防IP业务,另外创梦网络近期还会上线四川眉山联通、广东优化线路高防机柜,CN2专线相关业务。广东电信大带宽近期可以预约机柜了,成都优化线路,机柜租用、服务器云服务器租用,适合建站做游戏,不须要在套CDN,全国访问快,直连省骨干,大网...
ddos为你推荐
-
网络域名注册什么叫做网络域名 怎么注册网络域名 以及它的收费方式域名注册网有没有免费的网站域名注册?虚拟主机代理个人适合代理虚拟主机的业务吗ip代理地址IP代理什么意思?jsp虚拟空间JSP虚拟目录及虚拟路径的配置方法免备案虚拟主机哪家免备案虚拟主机好,而且便宜点的?国内最好的虚拟主机国内安全性最好的虚拟主机空间商有哪些?1g虚拟主机想买个1G虚拟主机,不限流量的,但不知道哪个建站网站靠谱,求推荐!虚拟主机服务商请问哪个服务商的虚拟主机比较好呀重庆虚拟主机重庆市邮政速递物流公司渝北分公司双龙揽投部客服电话