sentimentddos
ddos 时间:2021-01-03 阅读:()
DDoSEventForecastingusingTwitterDataZhongqingWang1,2andYueZhang21SoochowUniversity,China2SingaporeUniversityofTechnologyandDesignDDoSAttacksADistributedDenialofService(DDoS)attackemploysmultiplecompromisedsystemstointerruptorsuspendservicesofahostconnectedtotheInternet[Carletal.
,2006]BusinessImpactofDDoSAttacksAlmosthalf(45%)oftherespondentsindicatedtheirattacksThosehaving500ormoreemployeesaremostlikelytoexperienceaDDoSassaultTheaverageDDoScostcanbeassessedatabout$500,000AdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesProfileofanAttackDDoSassaultscomeinmanyshapesandsizes,soorganizationsmustbepreparedforanythinginordertoprotectthemselvesAdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesDDoSDetectiononCyberSecurityDomainTraditionally,theaimofaDDoSdetectionsystemistodetectmaliciouspackettrafficfromlegitimatetraffic[MirkovicandReiher,2004].
However,malicioustrafficoccursonlyafteraDDoSattackhasbegun,thereislimitedtimetopreventdamage.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackdetectForecastnotDetectThispaperinvestigatesthefeasibilityofforecastingthelikelihoodofDDoSattacksbeforetheyhappenbymonitoringsocialmediastream.
Ideally,ifthelikelihoodofDDoSattackscanbeforecasted,itcanbeusedtoguideconfigurationofaDDoSdetectionanddefensesystemoveracertainperiodoftime.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackforecastAssumptionsofForecastingOurmotivationisthattheattackedtargetsmaybementionedunfavorablyorarousenegativesentimentsinsocialmediatext.
DDoSForecastonTweetStreamOurtaskistopredictwhetheraDDoSeventislikelyoccurinthenextday,giventhetweetstreamoverahistoricalperiodrelatedtothemonitoredtarget.
Todayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiIfnextdaywillhappenattackChallengeofModelingTextStreamInputisatextstreamratherthanadocumentAnidealmodelshouldcapturetweet-levelinformationstream-levelinformationburstinesssentimentoverhistoryTodayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiHowtoorganizethetextstreaminformationNeuralStreamModelsTweetmodelrepresentstext-levelfeaturesbasedonthetweetcontentDistributedWordEmbeddingslearnsrepresentationofeachwordDaymodelcapturesdailytweetrepresentationsStreammodelcapturesinformationoverthedailystreamhistoryTodayyesterday2ndday1stdayTargetidNpdNp-1d1StreamModel……DayModelTweetModelONp-1CNNCNNCNNCNNCNNCNNO1ONpt1t2tNd…t1t2tNd…t1t2…tNd…hDistributedWordEmbeddingsWerepresenteachwordwkwithbothcommonwordembeddingsandexplicitsentimentembeddings.
AtweettjismappedintoamatrixWeusethesentiment-enrichedembedding[Tangetal.
,2014]ofwordsinsentimentlexiconsasasentimentalrepresentationoftweettjTweetModelWeuseaCNNtoconstructthetweetmodel,representingtext-levelfeaturesforindividualtweets.
Theinputisthesequenceofwordsoftweetti,andtheoutputisavectorrepresentationofthetweetw1wN…Day-levelSubModelWetreatallrelevanttweetsinadayasaunit,anduseaCNNtoextractaunifieddailyrepresentationvector.
…StreamModelsWeusestreammodelstocapturetextstreaminformationontopofthedaymodel.
isusetodenotethestreammodeloutput.
Streammodel…hStreamModels(cont.
)AsimplestreammodelcanbeaonelayerLSTMonthedailytweetsequencedirectly.
MoresophisticatedmodelsonthefollowingcanbeexploitedbycapturingricherfeaturesoveratextstreamVanillaStreamModelShort-andLong-TermStreamModelHierarchicalStreamModelVanillaStreamModelAsabaseline,wemodelatweetstreambyusinganLSTMtorecurrentlycapturedailytweethistory.
Formally,givenfromthedaymodel,weobtainacorrespondingsequenceofhiddenstatevectorswhere,DrawbacksofVanillaStreamModelThevanillastreammodeldoesnotexplicitlymodelthedifferencebetweenshortandlongtermhistories,whichcanbeusefulfortwomajorreasons:acontrastbetweenshortandlongtermhistorycanrevealburstinessandtrends.
therelativeimportanceoflongertermhistoryshouldbesmallercomparedtothatofshortertermhistory.
Short-andLong-TermStreamModelToaddressthedrawbacksofvanillastreammodel,wedevelopastreammodelthatcapturesshort-termandlong-termhistoriesseparatelywithdifferentLSTMs.
long-termhistoryshort-termhistoryShort-andLong-TermStreamModel(cont.
)WeeklyLSTMmodelisusedtocaptureshort-termhistory{d7,d6,.
.
.
,d1}.
Thehiddenstatevectorsare:MonthlyLSTMmodelisusedtocapturelong-termhistory{d30,d29,.
.
.
,d1}.
Thehiddenstatevectorsare:Thestatevectorsoftheweeklyandmonthlymodelsareconcatenatedwiththedailystatevectorintoasinglevector:long-termshort-termlastdayHierarchicalStreamModelAdrawbackoftheShort-andLong-TermModelaboveisthatthesizeofutilizinghistoryislimitedto30days.
Weproposeafine-grainedstackedLSTMmodel,arrangingdaily,weekly,andmonthlyhistoryintoahierarchicalstructure,tocaptureinfinitelylonghistorywithoutlosingshortandlongtermdifference.
HierarchicalStreamModel(cont.
)Day-levelisthesameasthevanillasequencemodel,whichmapsthedailytweetrepresentationintoahiddenstatesequenceHierarchicalStreamModel(cont.
)Week-levelisstackedontopoftheday-levelmodel,takingthesequenceofhiddenstatevectorsofevery7days,namelyasinput.
Theweeklyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Month-levelisstackedontopoftheweek-levelmodel,takingthesequenceofhiddenstatevectorsofevery4weeks,asinput.
Themonthlyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Thehierarchicalstatevectorsareconcatenatedintoasinglevector,whichisfedtothepredictionmodel.
PredictionSubModelWeuseasoftmaxclassifiertopredicttheattacklabelybasedonh,wherelabelprobabilitiesarecalculatedas:DataCollectionDDoSEventCollection.
ADDoSeventcanbedefinedasatriplet(e,t,d),wheree,t,ddenoteevent,targetanddate,respectively.
wecollectthesethreetypesofinformationfromddosattacks.
net.
weobtain170gold-standardeventsbasedonasemi-automaticprocess.
Eacheventturnsouttohaveauniquetarget.
ExampleeventtriplesDataCollection(cont.
)EventRelatedTweetsCollection.
Thetargetnamesareusedaskeywordstosearchandcollecttherelatedtweets.
HistorytweetdataarecollectedfromAugust,2015toApril,2016thesamespanforcollectingDDoSnewsevent.
Foreachtarget,wecollectabout200postspermonth,obtaining17760tweetsrelatedtoallthe170targets.
NOTEweonlycollectthosetweetswhichmentionatargetexplicitlyinordertomakesurethatthetweetsarerelatedtothetarget.
ExperimentalSettingsTraining&TestingData.
Weuse80randomtargetsfortraining,60fordevelopment,andtheremaining30fortesting.
Positive&NegativeSamples.
Foreachtarget,thereisexactlyonedayinthedatasetwhenaDDoSattackoccurred,whichisregardedasapositivesample.
theremainingdaysareconsiderednegativesamples.
Metric.
Weusetheareaundertheprecision-recallcurve(AUC)[DavisandGoadrich,2006].
ExperimentonImbalancedDataOurdatasetishighlyimbalanced,withtheratiobetweenpositiveandnegativesamplesbeingverysmall.
Weinvestigatefourtypicalstrategiestoaddresstheissue.
under-sampling-1,usingonesampleofnegativedataforeachpositivedata.
Itoutperformsallotherapproaches.
Itisusedinthefollowingsubsections.
CorrelationbetweenTweetsandDDoSEventsWeuseasetofvanillastreammodelstoverifythecorrelationbetweenhistorytweetsandDDoSevents.
Neg-Term-countmeanscountthenegativewordsfromtweetseachday,forecastinganattackifthenumberofnegativewordsislargerthanathreshold.
SVMisabasicSVMmodelwithbag-of-wordfeatures.
SVM-embuseswordembeddingsvectorsforSVMfeatures.
SVM-emb-sentiusesbothcommonwordembeddingandsentiment-enrichedembeddings.
LSTM-embistheproposedvanillastreammodelusingwordembeddings.
LSTM-sentiisthevanillastreammodelwithsentimentenrichedwordembeddings.
LSTM-emb-sentiisthevanillastreammodelwithbothcommonwordembeddingandsentiment-enrichedembeddings.
CorrelationbetweenTweetsandDDoSEvents(cont.
)IstextusefulforDDoSforecastingalltext-basedmodelsoutperformtherandombaselinesignificantly,whichdemonstratesthattextfromsocialmediaisindeedinformativeforDDoSforecast.
UsefulfactorssentimentinformationhighlyusefulforDDoSeventforecasting.
LSTMcanleveragenon-localsemanticinformationforsentencerepresentationbeyondsentimentsignals.
InfluenceofDateRangeIfthedaterangeistoosmall,thestreammodelcannotcapturesufficienthistoricalinformationforprediction.
However,averylargehistorydaterangemaycontainnoiseandirrelevantinformation.
Thissuggeststheusefulnessofcombiningdifferenthistorygranularities.
InfluenceofStreamModelsWecomparethedifferentstreammodels.
LSTMVSisthevanillastreammodelLSTMSListheLSTMbasedstreammodelwithshortandlongtermhistoryLSTMHSisthehierarchicalLSTMstreammodelFinalResultsThefinalresultsonthetestdatasetareonthefollowing:Thankswangzq.
antony@gmail.
com,yue_zhang@sutd.
edu.
sg
,2006]BusinessImpactofDDoSAttacksAlmosthalf(45%)oftherespondentsindicatedtheirattacksThosehaving500ormoreemployeesaremostlikelytoexperienceaDDoSassaultTheaverageDDoScostcanbeassessedatabout$500,000AdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesProfileofanAttackDDoSassaultscomeinmanyshapesandsizes,soorganizationsmustbepreparedforanythinginordertoprotectthemselvesAdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesDDoSDetectiononCyberSecurityDomainTraditionally,theaimofaDDoSdetectionsystemistodetectmaliciouspackettrafficfromlegitimatetraffic[MirkovicandReiher,2004].
However,malicioustrafficoccursonlyafteraDDoSattackhasbegun,thereislimitedtimetopreventdamage.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackdetectForecastnotDetectThispaperinvestigatesthefeasibilityofforecastingthelikelihoodofDDoSattacksbeforetheyhappenbymonitoringsocialmediastream.
Ideally,ifthelikelihoodofDDoSattackscanbeforecasted,itcanbeusedtoguideconfigurationofaDDoSdetectionanddefensesystemoveracertainperiodoftime.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackforecastAssumptionsofForecastingOurmotivationisthattheattackedtargetsmaybementionedunfavorablyorarousenegativesentimentsinsocialmediatext.
DDoSForecastonTweetStreamOurtaskistopredictwhetheraDDoSeventislikelyoccurinthenextday,giventhetweetstreamoverahistoricalperiodrelatedtothemonitoredtarget.
Todayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiIfnextdaywillhappenattackChallengeofModelingTextStreamInputisatextstreamratherthanadocumentAnidealmodelshouldcapturetweet-levelinformationstream-levelinformationburstinesssentimentoverhistoryTodayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiHowtoorganizethetextstreaminformationNeuralStreamModelsTweetmodelrepresentstext-levelfeaturesbasedonthetweetcontentDistributedWordEmbeddingslearnsrepresentationofeachwordDaymodelcapturesdailytweetrepresentationsStreammodelcapturesinformationoverthedailystreamhistoryTodayyesterday2ndday1stdayTargetidNpdNp-1d1StreamModel……DayModelTweetModelONp-1CNNCNNCNNCNNCNNCNNO1ONpt1t2tNd…t1t2tNd…t1t2…tNd…hDistributedWordEmbeddingsWerepresenteachwordwkwithbothcommonwordembeddingsandexplicitsentimentembeddings.
AtweettjismappedintoamatrixWeusethesentiment-enrichedembedding[Tangetal.
,2014]ofwordsinsentimentlexiconsasasentimentalrepresentationoftweettjTweetModelWeuseaCNNtoconstructthetweetmodel,representingtext-levelfeaturesforindividualtweets.
Theinputisthesequenceofwordsoftweetti,andtheoutputisavectorrepresentationofthetweetw1wN…Day-levelSubModelWetreatallrelevanttweetsinadayasaunit,anduseaCNNtoextractaunifieddailyrepresentationvector.
…StreamModelsWeusestreammodelstocapturetextstreaminformationontopofthedaymodel.
isusetodenotethestreammodeloutput.
Streammodel…hStreamModels(cont.
)AsimplestreammodelcanbeaonelayerLSTMonthedailytweetsequencedirectly.
MoresophisticatedmodelsonthefollowingcanbeexploitedbycapturingricherfeaturesoveratextstreamVanillaStreamModelShort-andLong-TermStreamModelHierarchicalStreamModelVanillaStreamModelAsabaseline,wemodelatweetstreambyusinganLSTMtorecurrentlycapturedailytweethistory.
Formally,givenfromthedaymodel,weobtainacorrespondingsequenceofhiddenstatevectorswhere,DrawbacksofVanillaStreamModelThevanillastreammodeldoesnotexplicitlymodelthedifferencebetweenshortandlongtermhistories,whichcanbeusefulfortwomajorreasons:acontrastbetweenshortandlongtermhistorycanrevealburstinessandtrends.
therelativeimportanceoflongertermhistoryshouldbesmallercomparedtothatofshortertermhistory.
Short-andLong-TermStreamModelToaddressthedrawbacksofvanillastreammodel,wedevelopastreammodelthatcapturesshort-termandlong-termhistoriesseparatelywithdifferentLSTMs.
long-termhistoryshort-termhistoryShort-andLong-TermStreamModel(cont.
)WeeklyLSTMmodelisusedtocaptureshort-termhistory{d7,d6,.
.
.
,d1}.
Thehiddenstatevectorsare:MonthlyLSTMmodelisusedtocapturelong-termhistory{d30,d29,.
.
.
,d1}.
Thehiddenstatevectorsare:Thestatevectorsoftheweeklyandmonthlymodelsareconcatenatedwiththedailystatevectorintoasinglevector:long-termshort-termlastdayHierarchicalStreamModelAdrawbackoftheShort-andLong-TermModelaboveisthatthesizeofutilizinghistoryislimitedto30days.
Weproposeafine-grainedstackedLSTMmodel,arrangingdaily,weekly,andmonthlyhistoryintoahierarchicalstructure,tocaptureinfinitelylonghistorywithoutlosingshortandlongtermdifference.
HierarchicalStreamModel(cont.
)Day-levelisthesameasthevanillasequencemodel,whichmapsthedailytweetrepresentationintoahiddenstatesequenceHierarchicalStreamModel(cont.
)Week-levelisstackedontopoftheday-levelmodel,takingthesequenceofhiddenstatevectorsofevery7days,namelyasinput.
Theweeklyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Month-levelisstackedontopoftheweek-levelmodel,takingthesequenceofhiddenstatevectorsofevery4weeks,asinput.
Themonthlyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Thehierarchicalstatevectorsareconcatenatedintoasinglevector,whichisfedtothepredictionmodel.
PredictionSubModelWeuseasoftmaxclassifiertopredicttheattacklabelybasedonh,wherelabelprobabilitiesarecalculatedas:DataCollectionDDoSEventCollection.
ADDoSeventcanbedefinedasatriplet(e,t,d),wheree,t,ddenoteevent,targetanddate,respectively.
wecollectthesethreetypesofinformationfromddosattacks.
net.
weobtain170gold-standardeventsbasedonasemi-automaticprocess.
Eacheventturnsouttohaveauniquetarget.
ExampleeventtriplesDataCollection(cont.
)EventRelatedTweetsCollection.
Thetargetnamesareusedaskeywordstosearchandcollecttherelatedtweets.
HistorytweetdataarecollectedfromAugust,2015toApril,2016thesamespanforcollectingDDoSnewsevent.
Foreachtarget,wecollectabout200postspermonth,obtaining17760tweetsrelatedtoallthe170targets.
NOTEweonlycollectthosetweetswhichmentionatargetexplicitlyinordertomakesurethatthetweetsarerelatedtothetarget.
ExperimentalSettingsTraining&TestingData.
Weuse80randomtargetsfortraining,60fordevelopment,andtheremaining30fortesting.
Positive&NegativeSamples.
Foreachtarget,thereisexactlyonedayinthedatasetwhenaDDoSattackoccurred,whichisregardedasapositivesample.
theremainingdaysareconsiderednegativesamples.
Metric.
Weusetheareaundertheprecision-recallcurve(AUC)[DavisandGoadrich,2006].
ExperimentonImbalancedDataOurdatasetishighlyimbalanced,withtheratiobetweenpositiveandnegativesamplesbeingverysmall.
Weinvestigatefourtypicalstrategiestoaddresstheissue.
under-sampling-1,usingonesampleofnegativedataforeachpositivedata.
Itoutperformsallotherapproaches.
Itisusedinthefollowingsubsections.
CorrelationbetweenTweetsandDDoSEventsWeuseasetofvanillastreammodelstoverifythecorrelationbetweenhistorytweetsandDDoSevents.
Neg-Term-countmeanscountthenegativewordsfromtweetseachday,forecastinganattackifthenumberofnegativewordsislargerthanathreshold.
SVMisabasicSVMmodelwithbag-of-wordfeatures.
SVM-embuseswordembeddingsvectorsforSVMfeatures.
SVM-emb-sentiusesbothcommonwordembeddingandsentiment-enrichedembeddings.
LSTM-embistheproposedvanillastreammodelusingwordembeddings.
LSTM-sentiisthevanillastreammodelwithsentimentenrichedwordembeddings.
LSTM-emb-sentiisthevanillastreammodelwithbothcommonwordembeddingandsentiment-enrichedembeddings.
CorrelationbetweenTweetsandDDoSEvents(cont.
)IstextusefulforDDoSforecastingalltext-basedmodelsoutperformtherandombaselinesignificantly,whichdemonstratesthattextfromsocialmediaisindeedinformativeforDDoSforecast.
UsefulfactorssentimentinformationhighlyusefulforDDoSeventforecasting.
LSTMcanleveragenon-localsemanticinformationforsentencerepresentationbeyondsentimentsignals.
InfluenceofDateRangeIfthedaterangeistoosmall,thestreammodelcannotcapturesufficienthistoricalinformationforprediction.
However,averylargehistorydaterangemaycontainnoiseandirrelevantinformation.
Thissuggeststheusefulnessofcombiningdifferenthistorygranularities.
InfluenceofStreamModelsWecomparethedifferentstreammodels.
LSTMVSisthevanillastreammodelLSTMSListheLSTMbasedstreammodelwithshortandlongtermhistoryLSTMHSisthehierarchicalLSTMstreammodelFinalResultsThefinalresultsonthetestdatasetareonthefollowing:Thankswangzq.
antony@gmail.
com,yue_zhang@sutd.
edu.
sg
- sentimentddos相关文档
- 报告ddos
- 报告初稿完成时间:2016
- 爬虫ddos
- 攻击ddos
- Configurationddos
- deviceddos
Virmach 3.23美元可用6个月的VPS主机
Virmach 商家算是比较久且一直在低价便宜VPS方案中玩的不亦乐乎的商家,有很多同时期的商家纷纷关闭转让,也有的转型到中高端用户。而前一段时间也有分享过一次Virmach商家推出所谓的一次性便宜VPS主机,比如很低的价格半年时间,时间到服务器也就关闭。这不今天又看到商家有提供这样的产品。这次的活动产品包括圣何塞和水牛城两个机房,为期六个月,一次性付费用完将会取消,就这么特别的产品,适合短期玩玩...
CloudCone:$17.99/年KVM-1GB/50GB/1TB/洛杉矶MC机房
CloudCone在月初发了个邮件,表示上新了一个系列VPS主机,采用SSD缓存磁盘,支持下单购买额外的CPU、内存和硬盘资源,最低年付17.99美元起。CloudCone成立于2017年,提供VPS和独立服务器租用,深耕洛杉矶MC机房,最初提供按小时计费随时退回,给自己弄回一大堆中国不能访问的IP,现在已经取消了随时删除了,不过他的VPS主机价格不贵,支持购买额外IP,还支持购买高防IP。下面列...
PacificRack(年付低至19美元),夏季促销PR-M系列和多IP站群VPS主机
这几天有几个网友询问到是否有Windows VPS主机便宜的VPS主机商。原本他们是在Linode、Vultr主机商挂载DD安装Windows系统的,有的商家支持自定义WIN镜像,但是这些操作起来特别效率低下,每次安装一个Windows系统需要一两个小时,所以如果能找到比较合适的自带Windows系统的服务器那最好不过。这不看到PacificRack商家有提供夏季促销活动,其中包括年付便宜套餐的P...
ddos为你推荐
-
免费美国主机哪里有免费不限流量的国外主机广东虚拟主机西部数码和中国万网,哪家的虚拟主机哪个好,用过的说说?英文域名求好听的个性英语域名?香港虚拟空间最好的香港虚拟主机是哪家?重庆虚拟空间重庆合川宝龙城市广场有前途么网站空间购买企业网站空间购买的网站空间具体需要多大的合适?虚拟主机评测网求推荐一些适合个人博客网站的虚拟主机的服务商虚拟主机服务商哪个虚拟主机的服务商比较好?论坛虚拟主机论坛虚拟主机的IP地址在后台的那个地方呀东莞虚拟主机在东莞服务器租用怎么选择