sentimentddos
ddos 时间:2021-01-03 阅读:()
DDoSEventForecastingusingTwitterDataZhongqingWang1,2andYueZhang21SoochowUniversity,China2SingaporeUniversityofTechnologyandDesignDDoSAttacksADistributedDenialofService(DDoS)attackemploysmultiplecompromisedsystemstointerruptorsuspendservicesofahostconnectedtotheInternet[Carletal.
,2006]BusinessImpactofDDoSAttacksAlmosthalf(45%)oftherespondentsindicatedtheirattacksThosehaving500ormoreemployeesaremostlikelytoexperienceaDDoSassaultTheaverageDDoScostcanbeassessedatabout$500,000AdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesProfileofanAttackDDoSassaultscomeinmanyshapesandsizes,soorganizationsmustbepreparedforanythinginordertoprotectthemselvesAdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesDDoSDetectiononCyberSecurityDomainTraditionally,theaimofaDDoSdetectionsystemistodetectmaliciouspackettrafficfromlegitimatetraffic[MirkovicandReiher,2004].
However,malicioustrafficoccursonlyafteraDDoSattackhasbegun,thereislimitedtimetopreventdamage.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackdetectForecastnotDetectThispaperinvestigatesthefeasibilityofforecastingthelikelihoodofDDoSattacksbeforetheyhappenbymonitoringsocialmediastream.
Ideally,ifthelikelihoodofDDoSattackscanbeforecasted,itcanbeusedtoguideconfigurationofaDDoSdetectionanddefensesystemoveracertainperiodoftime.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackforecastAssumptionsofForecastingOurmotivationisthattheattackedtargetsmaybementionedunfavorablyorarousenegativesentimentsinsocialmediatext.
DDoSForecastonTweetStreamOurtaskistopredictwhetheraDDoSeventislikelyoccurinthenextday,giventhetweetstreamoverahistoricalperiodrelatedtothemonitoredtarget.
Todayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiIfnextdaywillhappenattackChallengeofModelingTextStreamInputisatextstreamratherthanadocumentAnidealmodelshouldcapturetweet-levelinformationstream-levelinformationburstinesssentimentoverhistoryTodayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiHowtoorganizethetextstreaminformationNeuralStreamModelsTweetmodelrepresentstext-levelfeaturesbasedonthetweetcontentDistributedWordEmbeddingslearnsrepresentationofeachwordDaymodelcapturesdailytweetrepresentationsStreammodelcapturesinformationoverthedailystreamhistoryTodayyesterday2ndday1stdayTargetidNpdNp-1d1StreamModel……DayModelTweetModelONp-1CNNCNNCNNCNNCNNCNNO1ONpt1t2tNd…t1t2tNd…t1t2…tNd…hDistributedWordEmbeddingsWerepresenteachwordwkwithbothcommonwordembeddingsandexplicitsentimentembeddings.
AtweettjismappedintoamatrixWeusethesentiment-enrichedembedding[Tangetal.
,2014]ofwordsinsentimentlexiconsasasentimentalrepresentationoftweettjTweetModelWeuseaCNNtoconstructthetweetmodel,representingtext-levelfeaturesforindividualtweets.
Theinputisthesequenceofwordsoftweetti,andtheoutputisavectorrepresentationofthetweetw1wN…Day-levelSubModelWetreatallrelevanttweetsinadayasaunit,anduseaCNNtoextractaunifieddailyrepresentationvector.
…StreamModelsWeusestreammodelstocapturetextstreaminformationontopofthedaymodel.
isusetodenotethestreammodeloutput.
Streammodel…hStreamModels(cont.
)AsimplestreammodelcanbeaonelayerLSTMonthedailytweetsequencedirectly.
MoresophisticatedmodelsonthefollowingcanbeexploitedbycapturingricherfeaturesoveratextstreamVanillaStreamModelShort-andLong-TermStreamModelHierarchicalStreamModelVanillaStreamModelAsabaseline,wemodelatweetstreambyusinganLSTMtorecurrentlycapturedailytweethistory.
Formally,givenfromthedaymodel,weobtainacorrespondingsequenceofhiddenstatevectorswhere,DrawbacksofVanillaStreamModelThevanillastreammodeldoesnotexplicitlymodelthedifferencebetweenshortandlongtermhistories,whichcanbeusefulfortwomajorreasons:acontrastbetweenshortandlongtermhistorycanrevealburstinessandtrends.
therelativeimportanceoflongertermhistoryshouldbesmallercomparedtothatofshortertermhistory.
Short-andLong-TermStreamModelToaddressthedrawbacksofvanillastreammodel,wedevelopastreammodelthatcapturesshort-termandlong-termhistoriesseparatelywithdifferentLSTMs.
long-termhistoryshort-termhistoryShort-andLong-TermStreamModel(cont.
)WeeklyLSTMmodelisusedtocaptureshort-termhistory{d7,d6,.
.
.
,d1}.
Thehiddenstatevectorsare:MonthlyLSTMmodelisusedtocapturelong-termhistory{d30,d29,.
.
.
,d1}.
Thehiddenstatevectorsare:Thestatevectorsoftheweeklyandmonthlymodelsareconcatenatedwiththedailystatevectorintoasinglevector:long-termshort-termlastdayHierarchicalStreamModelAdrawbackoftheShort-andLong-TermModelaboveisthatthesizeofutilizinghistoryislimitedto30days.
Weproposeafine-grainedstackedLSTMmodel,arrangingdaily,weekly,andmonthlyhistoryintoahierarchicalstructure,tocaptureinfinitelylonghistorywithoutlosingshortandlongtermdifference.
HierarchicalStreamModel(cont.
)Day-levelisthesameasthevanillasequencemodel,whichmapsthedailytweetrepresentationintoahiddenstatesequenceHierarchicalStreamModel(cont.
)Week-levelisstackedontopoftheday-levelmodel,takingthesequenceofhiddenstatevectorsofevery7days,namelyasinput.
Theweeklyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Month-levelisstackedontopoftheweek-levelmodel,takingthesequenceofhiddenstatevectorsofevery4weeks,asinput.
Themonthlyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Thehierarchicalstatevectorsareconcatenatedintoasinglevector,whichisfedtothepredictionmodel.
PredictionSubModelWeuseasoftmaxclassifiertopredicttheattacklabelybasedonh,wherelabelprobabilitiesarecalculatedas:DataCollectionDDoSEventCollection.
ADDoSeventcanbedefinedasatriplet(e,t,d),wheree,t,ddenoteevent,targetanddate,respectively.
wecollectthesethreetypesofinformationfromddosattacks.
net.
weobtain170gold-standardeventsbasedonasemi-automaticprocess.
Eacheventturnsouttohaveauniquetarget.
ExampleeventtriplesDataCollection(cont.
)EventRelatedTweetsCollection.
Thetargetnamesareusedaskeywordstosearchandcollecttherelatedtweets.
HistorytweetdataarecollectedfromAugust,2015toApril,2016thesamespanforcollectingDDoSnewsevent.
Foreachtarget,wecollectabout200postspermonth,obtaining17760tweetsrelatedtoallthe170targets.
NOTEweonlycollectthosetweetswhichmentionatargetexplicitlyinordertomakesurethatthetweetsarerelatedtothetarget.
ExperimentalSettingsTraining&TestingData.
Weuse80randomtargetsfortraining,60fordevelopment,andtheremaining30fortesting.
Positive&NegativeSamples.
Foreachtarget,thereisexactlyonedayinthedatasetwhenaDDoSattackoccurred,whichisregardedasapositivesample.
theremainingdaysareconsiderednegativesamples.
Metric.
Weusetheareaundertheprecision-recallcurve(AUC)[DavisandGoadrich,2006].
ExperimentonImbalancedDataOurdatasetishighlyimbalanced,withtheratiobetweenpositiveandnegativesamplesbeingverysmall.
Weinvestigatefourtypicalstrategiestoaddresstheissue.
under-sampling-1,usingonesampleofnegativedataforeachpositivedata.
Itoutperformsallotherapproaches.
Itisusedinthefollowingsubsections.
CorrelationbetweenTweetsandDDoSEventsWeuseasetofvanillastreammodelstoverifythecorrelationbetweenhistorytweetsandDDoSevents.
Neg-Term-countmeanscountthenegativewordsfromtweetseachday,forecastinganattackifthenumberofnegativewordsislargerthanathreshold.
SVMisabasicSVMmodelwithbag-of-wordfeatures.
SVM-embuseswordembeddingsvectorsforSVMfeatures.
SVM-emb-sentiusesbothcommonwordembeddingandsentiment-enrichedembeddings.
LSTM-embistheproposedvanillastreammodelusingwordembeddings.
LSTM-sentiisthevanillastreammodelwithsentimentenrichedwordembeddings.
LSTM-emb-sentiisthevanillastreammodelwithbothcommonwordembeddingandsentiment-enrichedembeddings.
CorrelationbetweenTweetsandDDoSEvents(cont.
)IstextusefulforDDoSforecastingalltext-basedmodelsoutperformtherandombaselinesignificantly,whichdemonstratesthattextfromsocialmediaisindeedinformativeforDDoSforecast.
UsefulfactorssentimentinformationhighlyusefulforDDoSeventforecasting.
LSTMcanleveragenon-localsemanticinformationforsentencerepresentationbeyondsentimentsignals.
InfluenceofDateRangeIfthedaterangeistoosmall,thestreammodelcannotcapturesufficienthistoricalinformationforprediction.
However,averylargehistorydaterangemaycontainnoiseandirrelevantinformation.
Thissuggeststheusefulnessofcombiningdifferenthistorygranularities.
InfluenceofStreamModelsWecomparethedifferentstreammodels.
LSTMVSisthevanillastreammodelLSTMSListheLSTMbasedstreammodelwithshortandlongtermhistoryLSTMHSisthehierarchicalLSTMstreammodelFinalResultsThefinalresultsonthetestdatasetareonthefollowing:Thankswangzq.
antony@gmail.
com,yue_zhang@sutd.
edu.
sg
,2006]BusinessImpactofDDoSAttacksAlmosthalf(45%)oftherespondentsindicatedtheirattacksThosehaving500ormoreemployeesaremostlikelytoexperienceaDDoSassaultTheaverageDDoScostcanbeassessedatabout$500,000AdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesProfileofanAttackDDoSassaultscomeinmanyshapesandsizes,soorganizationsmustbepreparedforanythinginordertoprotectthemselvesAdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesDDoSDetectiononCyberSecurityDomainTraditionally,theaimofaDDoSdetectionsystemistodetectmaliciouspackettrafficfromlegitimatetraffic[MirkovicandReiher,2004].
However,malicioustrafficoccursonlyafteraDDoSattackhasbegun,thereislimitedtimetopreventdamage.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackdetectForecastnotDetectThispaperinvestigatesthefeasibilityofforecastingthelikelihoodofDDoSattacksbeforetheyhappenbymonitoringsocialmediastream.
Ideally,ifthelikelihoodofDDoSattackscanbeforecasted,itcanbeusedtoguideconfigurationofaDDoSdetectionanddefensesystemoveracertainperiodoftime.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackforecastAssumptionsofForecastingOurmotivationisthattheattackedtargetsmaybementionedunfavorablyorarousenegativesentimentsinsocialmediatext.
DDoSForecastonTweetStreamOurtaskistopredictwhetheraDDoSeventislikelyoccurinthenextday,giventhetweetstreamoverahistoricalperiodrelatedtothemonitoredtarget.
Todayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiIfnextdaywillhappenattackChallengeofModelingTextStreamInputisatextstreamratherthanadocumentAnidealmodelshouldcapturetweet-levelinformationstream-levelinformationburstinesssentimentoverhistoryTodayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiHowtoorganizethetextstreaminformationNeuralStreamModelsTweetmodelrepresentstext-levelfeaturesbasedonthetweetcontentDistributedWordEmbeddingslearnsrepresentationofeachwordDaymodelcapturesdailytweetrepresentationsStreammodelcapturesinformationoverthedailystreamhistoryTodayyesterday2ndday1stdayTargetidNpdNp-1d1StreamModel……DayModelTweetModelONp-1CNNCNNCNNCNNCNNCNNO1ONpt1t2tNd…t1t2tNd…t1t2…tNd…hDistributedWordEmbeddingsWerepresenteachwordwkwithbothcommonwordembeddingsandexplicitsentimentembeddings.
AtweettjismappedintoamatrixWeusethesentiment-enrichedembedding[Tangetal.
,2014]ofwordsinsentimentlexiconsasasentimentalrepresentationoftweettjTweetModelWeuseaCNNtoconstructthetweetmodel,representingtext-levelfeaturesforindividualtweets.
Theinputisthesequenceofwordsoftweetti,andtheoutputisavectorrepresentationofthetweetw1wN…Day-levelSubModelWetreatallrelevanttweetsinadayasaunit,anduseaCNNtoextractaunifieddailyrepresentationvector.
…StreamModelsWeusestreammodelstocapturetextstreaminformationontopofthedaymodel.
isusetodenotethestreammodeloutput.
Streammodel…hStreamModels(cont.
)AsimplestreammodelcanbeaonelayerLSTMonthedailytweetsequencedirectly.
MoresophisticatedmodelsonthefollowingcanbeexploitedbycapturingricherfeaturesoveratextstreamVanillaStreamModelShort-andLong-TermStreamModelHierarchicalStreamModelVanillaStreamModelAsabaseline,wemodelatweetstreambyusinganLSTMtorecurrentlycapturedailytweethistory.
Formally,givenfromthedaymodel,weobtainacorrespondingsequenceofhiddenstatevectorswhere,DrawbacksofVanillaStreamModelThevanillastreammodeldoesnotexplicitlymodelthedifferencebetweenshortandlongtermhistories,whichcanbeusefulfortwomajorreasons:acontrastbetweenshortandlongtermhistorycanrevealburstinessandtrends.
therelativeimportanceoflongertermhistoryshouldbesmallercomparedtothatofshortertermhistory.
Short-andLong-TermStreamModelToaddressthedrawbacksofvanillastreammodel,wedevelopastreammodelthatcapturesshort-termandlong-termhistoriesseparatelywithdifferentLSTMs.
long-termhistoryshort-termhistoryShort-andLong-TermStreamModel(cont.
)WeeklyLSTMmodelisusedtocaptureshort-termhistory{d7,d6,.
.
.
,d1}.
Thehiddenstatevectorsare:MonthlyLSTMmodelisusedtocapturelong-termhistory{d30,d29,.
.
.
,d1}.
Thehiddenstatevectorsare:Thestatevectorsoftheweeklyandmonthlymodelsareconcatenatedwiththedailystatevectorintoasinglevector:long-termshort-termlastdayHierarchicalStreamModelAdrawbackoftheShort-andLong-TermModelaboveisthatthesizeofutilizinghistoryislimitedto30days.
Weproposeafine-grainedstackedLSTMmodel,arrangingdaily,weekly,andmonthlyhistoryintoahierarchicalstructure,tocaptureinfinitelylonghistorywithoutlosingshortandlongtermdifference.
HierarchicalStreamModel(cont.
)Day-levelisthesameasthevanillasequencemodel,whichmapsthedailytweetrepresentationintoahiddenstatesequenceHierarchicalStreamModel(cont.
)Week-levelisstackedontopoftheday-levelmodel,takingthesequenceofhiddenstatevectorsofevery7days,namelyasinput.
Theweeklyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Month-levelisstackedontopoftheweek-levelmodel,takingthesequenceofhiddenstatevectorsofevery4weeks,asinput.
Themonthlyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Thehierarchicalstatevectorsareconcatenatedintoasinglevector,whichisfedtothepredictionmodel.
PredictionSubModelWeuseasoftmaxclassifiertopredicttheattacklabelybasedonh,wherelabelprobabilitiesarecalculatedas:DataCollectionDDoSEventCollection.
ADDoSeventcanbedefinedasatriplet(e,t,d),wheree,t,ddenoteevent,targetanddate,respectively.
wecollectthesethreetypesofinformationfromddosattacks.
net.
weobtain170gold-standardeventsbasedonasemi-automaticprocess.
Eacheventturnsouttohaveauniquetarget.
ExampleeventtriplesDataCollection(cont.
)EventRelatedTweetsCollection.
Thetargetnamesareusedaskeywordstosearchandcollecttherelatedtweets.
HistorytweetdataarecollectedfromAugust,2015toApril,2016thesamespanforcollectingDDoSnewsevent.
Foreachtarget,wecollectabout200postspermonth,obtaining17760tweetsrelatedtoallthe170targets.
NOTEweonlycollectthosetweetswhichmentionatargetexplicitlyinordertomakesurethatthetweetsarerelatedtothetarget.
ExperimentalSettingsTraining&TestingData.
Weuse80randomtargetsfortraining,60fordevelopment,andtheremaining30fortesting.
Positive&NegativeSamples.
Foreachtarget,thereisexactlyonedayinthedatasetwhenaDDoSattackoccurred,whichisregardedasapositivesample.
theremainingdaysareconsiderednegativesamples.
Metric.
Weusetheareaundertheprecision-recallcurve(AUC)[DavisandGoadrich,2006].
ExperimentonImbalancedDataOurdatasetishighlyimbalanced,withtheratiobetweenpositiveandnegativesamplesbeingverysmall.
Weinvestigatefourtypicalstrategiestoaddresstheissue.
under-sampling-1,usingonesampleofnegativedataforeachpositivedata.
Itoutperformsallotherapproaches.
Itisusedinthefollowingsubsections.
CorrelationbetweenTweetsandDDoSEventsWeuseasetofvanillastreammodelstoverifythecorrelationbetweenhistorytweetsandDDoSevents.
Neg-Term-countmeanscountthenegativewordsfromtweetseachday,forecastinganattackifthenumberofnegativewordsislargerthanathreshold.
SVMisabasicSVMmodelwithbag-of-wordfeatures.
SVM-embuseswordembeddingsvectorsforSVMfeatures.
SVM-emb-sentiusesbothcommonwordembeddingandsentiment-enrichedembeddings.
LSTM-embistheproposedvanillastreammodelusingwordembeddings.
LSTM-sentiisthevanillastreammodelwithsentimentenrichedwordembeddings.
LSTM-emb-sentiisthevanillastreammodelwithbothcommonwordembeddingandsentiment-enrichedembeddings.
CorrelationbetweenTweetsandDDoSEvents(cont.
)IstextusefulforDDoSforecastingalltext-basedmodelsoutperformtherandombaselinesignificantly,whichdemonstratesthattextfromsocialmediaisindeedinformativeforDDoSforecast.
UsefulfactorssentimentinformationhighlyusefulforDDoSeventforecasting.
LSTMcanleveragenon-localsemanticinformationforsentencerepresentationbeyondsentimentsignals.
InfluenceofDateRangeIfthedaterangeistoosmall,thestreammodelcannotcapturesufficienthistoricalinformationforprediction.
However,averylargehistorydaterangemaycontainnoiseandirrelevantinformation.
Thissuggeststheusefulnessofcombiningdifferenthistorygranularities.
InfluenceofStreamModelsWecomparethedifferentstreammodels.
LSTMVSisthevanillastreammodelLSTMSListheLSTMbasedstreammodelwithshortandlongtermhistoryLSTMHSisthehierarchicalLSTMstreammodelFinalResultsThefinalresultsonthetestdatasetareonthefollowing:Thankswangzq.
antony@gmail.
com,yue_zhang@sutd.
edu.
sg
- sentimentddos相关文档
- 报告ddos
- 报告初稿完成时间:2016
- 爬虫ddos
- 攻击ddos
- Configurationddos
- deviceddos
wordpress外贸企业主题 wordpress经典外贸企业建站主题
WordPress经典外贸企业建站主题,经典配色扁平化简约设计+跨屏自适应移动端设备,特色外贸企业建站功能模块+在线Inquiry询单功能,更有利于Google等英文搜索优化和站点收录。采用标准的HTML5+CSS3语言开发,兼容当下的各种主流浏览器: IE 6+(以及类似360、遨游等基于IE内核的)、Firefox、Google Chrome、Safari、Opera等;同时支持移动终端的常用...
Dynadot多种后缀优惠域名优惠码 ,.COM域名注册$6.99
Dynadot 是一家非常靠谱的域名注册商家,老唐也从来不会掩饰对其的喜爱,目前我个人大部分域名都在 Dynadot,还有一小部分在 NameCheap 和腾讯云。本文分享一下 Dynadot 最新域名优惠码,包括 .COM,.NET 等主流后缀的优惠码,以及一些新顶级后缀的优惠。对于域名优惠,NameCheap 的新后缀促销比较多,而 Dynadot 则是对于主流后缀的促销比较多,所以可以各取所...
BuyVM($5/月)不限流量流媒体优化VPS主机 1GB内存
BuyVM商家属于比较老牌的服务商,早年有提供低价年付便宜VPS主机还记得曾经半夜的时候抢购的。但是由于这个商家风控非常严格,即便是有些是正常的操作也会导致被封账户,所以后来陆续无人去理睬,估计被我们风控的抢购低价VPS主机已经手足无措。这两年商家重新调整,而且风控也比较规范,比如才入手他们新上线的流媒体优化VPS主机也没有不适的提示。目前,BuyVM商家有提供新泽西、迈阿密等四个机房的VPS主机...
ddos为你推荐
-
服务器租用武汉服务器租用,托管哪个公司好?虚拟主机服务器虚拟主机和站点服务器什么区别中文域名注册查询怎么查我们公司的中文域名是被谁注册的?vps试用求个免费现成的vps(可永久可试用)免费国内空间现在国内比较好的免费网站空间有那个啊?免费域名空间哪个免费空间的域名最好免备案虚拟主机哪家免备案虚拟主机好,而且便宜点的?虚拟主机管理系统虚拟主机管理系统那一家好?1g虚拟主机网站空间1G是多少M,网站空间用1G虚拟主机够吗。价格多少,数据库和网站有什么关系上海虚拟主机谁能告诉我杭州哪个公司的虚拟主机最好,机房最好是上海或浙江的.