sentimentddos
ddos 时间:2021-01-03 阅读:()
DDoSEventForecastingusingTwitterDataZhongqingWang1,2andYueZhang21SoochowUniversity,China2SingaporeUniversityofTechnologyandDesignDDoSAttacksADistributedDenialofService(DDoS)attackemploysmultiplecompromisedsystemstointerruptorsuspendservicesofahostconnectedtotheInternet[Carletal.
,2006]BusinessImpactofDDoSAttacksAlmosthalf(45%)oftherespondentsindicatedtheirattacksThosehaving500ormoreemployeesaremostlikelytoexperienceaDDoSassaultTheaverageDDoScostcanbeassessedatabout$500,000AdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesProfileofanAttackDDoSassaultscomeinmanyshapesandsizes,soorganizationsmustbepreparedforanythinginordertoprotectthemselvesAdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesDDoSDetectiononCyberSecurityDomainTraditionally,theaimofaDDoSdetectionsystemistodetectmaliciouspackettrafficfromlegitimatetraffic[MirkovicandReiher,2004].
However,malicioustrafficoccursonlyafteraDDoSattackhasbegun,thereislimitedtimetopreventdamage.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackdetectForecastnotDetectThispaperinvestigatesthefeasibilityofforecastingthelikelihoodofDDoSattacksbeforetheyhappenbymonitoringsocialmediastream.
Ideally,ifthelikelihoodofDDoSattackscanbeforecasted,itcanbeusedtoguideconfigurationofaDDoSdetectionanddefensesystemoveracertainperiodoftime.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackforecastAssumptionsofForecastingOurmotivationisthattheattackedtargetsmaybementionedunfavorablyorarousenegativesentimentsinsocialmediatext.
DDoSForecastonTweetStreamOurtaskistopredictwhetheraDDoSeventislikelyoccurinthenextday,giventhetweetstreamoverahistoricalperiodrelatedtothemonitoredtarget.
Todayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiIfnextdaywillhappenattackChallengeofModelingTextStreamInputisatextstreamratherthanadocumentAnidealmodelshouldcapturetweet-levelinformationstream-levelinformationburstinesssentimentoverhistoryTodayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiHowtoorganizethetextstreaminformationNeuralStreamModelsTweetmodelrepresentstext-levelfeaturesbasedonthetweetcontentDistributedWordEmbeddingslearnsrepresentationofeachwordDaymodelcapturesdailytweetrepresentationsStreammodelcapturesinformationoverthedailystreamhistoryTodayyesterday2ndday1stdayTargetidNpdNp-1d1StreamModel……DayModelTweetModelONp-1CNNCNNCNNCNNCNNCNNO1ONpt1t2tNd…t1t2tNd…t1t2…tNd…hDistributedWordEmbeddingsWerepresenteachwordwkwithbothcommonwordembeddingsandexplicitsentimentembeddings.
AtweettjismappedintoamatrixWeusethesentiment-enrichedembedding[Tangetal.
,2014]ofwordsinsentimentlexiconsasasentimentalrepresentationoftweettjTweetModelWeuseaCNNtoconstructthetweetmodel,representingtext-levelfeaturesforindividualtweets.
Theinputisthesequenceofwordsoftweetti,andtheoutputisavectorrepresentationofthetweetw1wN…Day-levelSubModelWetreatallrelevanttweetsinadayasaunit,anduseaCNNtoextractaunifieddailyrepresentationvector.
…StreamModelsWeusestreammodelstocapturetextstreaminformationontopofthedaymodel.
isusetodenotethestreammodeloutput.
Streammodel…hStreamModels(cont.
)AsimplestreammodelcanbeaonelayerLSTMonthedailytweetsequencedirectly.
MoresophisticatedmodelsonthefollowingcanbeexploitedbycapturingricherfeaturesoveratextstreamVanillaStreamModelShort-andLong-TermStreamModelHierarchicalStreamModelVanillaStreamModelAsabaseline,wemodelatweetstreambyusinganLSTMtorecurrentlycapturedailytweethistory.
Formally,givenfromthedaymodel,weobtainacorrespondingsequenceofhiddenstatevectorswhere,DrawbacksofVanillaStreamModelThevanillastreammodeldoesnotexplicitlymodelthedifferencebetweenshortandlongtermhistories,whichcanbeusefulfortwomajorreasons:acontrastbetweenshortandlongtermhistorycanrevealburstinessandtrends.
therelativeimportanceoflongertermhistoryshouldbesmallercomparedtothatofshortertermhistory.
Short-andLong-TermStreamModelToaddressthedrawbacksofvanillastreammodel,wedevelopastreammodelthatcapturesshort-termandlong-termhistoriesseparatelywithdifferentLSTMs.
long-termhistoryshort-termhistoryShort-andLong-TermStreamModel(cont.
)WeeklyLSTMmodelisusedtocaptureshort-termhistory{d7,d6,.
.
.
,d1}.
Thehiddenstatevectorsare:MonthlyLSTMmodelisusedtocapturelong-termhistory{d30,d29,.
.
.
,d1}.
Thehiddenstatevectorsare:Thestatevectorsoftheweeklyandmonthlymodelsareconcatenatedwiththedailystatevectorintoasinglevector:long-termshort-termlastdayHierarchicalStreamModelAdrawbackoftheShort-andLong-TermModelaboveisthatthesizeofutilizinghistoryislimitedto30days.
Weproposeafine-grainedstackedLSTMmodel,arrangingdaily,weekly,andmonthlyhistoryintoahierarchicalstructure,tocaptureinfinitelylonghistorywithoutlosingshortandlongtermdifference.
HierarchicalStreamModel(cont.
)Day-levelisthesameasthevanillasequencemodel,whichmapsthedailytweetrepresentationintoahiddenstatesequenceHierarchicalStreamModel(cont.
)Week-levelisstackedontopoftheday-levelmodel,takingthesequenceofhiddenstatevectorsofevery7days,namelyasinput.
Theweeklyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Month-levelisstackedontopoftheweek-levelmodel,takingthesequenceofhiddenstatevectorsofevery4weeks,asinput.
Themonthlyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Thehierarchicalstatevectorsareconcatenatedintoasinglevector,whichisfedtothepredictionmodel.
PredictionSubModelWeuseasoftmaxclassifiertopredicttheattacklabelybasedonh,wherelabelprobabilitiesarecalculatedas:DataCollectionDDoSEventCollection.
ADDoSeventcanbedefinedasatriplet(e,t,d),wheree,t,ddenoteevent,targetanddate,respectively.
wecollectthesethreetypesofinformationfromddosattacks.
net.
weobtain170gold-standardeventsbasedonasemi-automaticprocess.
Eacheventturnsouttohaveauniquetarget.
ExampleeventtriplesDataCollection(cont.
)EventRelatedTweetsCollection.
Thetargetnamesareusedaskeywordstosearchandcollecttherelatedtweets.
HistorytweetdataarecollectedfromAugust,2015toApril,2016thesamespanforcollectingDDoSnewsevent.
Foreachtarget,wecollectabout200postspermonth,obtaining17760tweetsrelatedtoallthe170targets.
NOTEweonlycollectthosetweetswhichmentionatargetexplicitlyinordertomakesurethatthetweetsarerelatedtothetarget.
ExperimentalSettingsTraining&TestingData.
Weuse80randomtargetsfortraining,60fordevelopment,andtheremaining30fortesting.
Positive&NegativeSamples.
Foreachtarget,thereisexactlyonedayinthedatasetwhenaDDoSattackoccurred,whichisregardedasapositivesample.
theremainingdaysareconsiderednegativesamples.
Metric.
Weusetheareaundertheprecision-recallcurve(AUC)[DavisandGoadrich,2006].
ExperimentonImbalancedDataOurdatasetishighlyimbalanced,withtheratiobetweenpositiveandnegativesamplesbeingverysmall.
Weinvestigatefourtypicalstrategiestoaddresstheissue.
under-sampling-1,usingonesampleofnegativedataforeachpositivedata.
Itoutperformsallotherapproaches.
Itisusedinthefollowingsubsections.
CorrelationbetweenTweetsandDDoSEventsWeuseasetofvanillastreammodelstoverifythecorrelationbetweenhistorytweetsandDDoSevents.
Neg-Term-countmeanscountthenegativewordsfromtweetseachday,forecastinganattackifthenumberofnegativewordsislargerthanathreshold.
SVMisabasicSVMmodelwithbag-of-wordfeatures.
SVM-embuseswordembeddingsvectorsforSVMfeatures.
SVM-emb-sentiusesbothcommonwordembeddingandsentiment-enrichedembeddings.
LSTM-embistheproposedvanillastreammodelusingwordembeddings.
LSTM-sentiisthevanillastreammodelwithsentimentenrichedwordembeddings.
LSTM-emb-sentiisthevanillastreammodelwithbothcommonwordembeddingandsentiment-enrichedembeddings.
CorrelationbetweenTweetsandDDoSEvents(cont.
)IstextusefulforDDoSforecastingalltext-basedmodelsoutperformtherandombaselinesignificantly,whichdemonstratesthattextfromsocialmediaisindeedinformativeforDDoSforecast.
UsefulfactorssentimentinformationhighlyusefulforDDoSeventforecasting.
LSTMcanleveragenon-localsemanticinformationforsentencerepresentationbeyondsentimentsignals.
InfluenceofDateRangeIfthedaterangeistoosmall,thestreammodelcannotcapturesufficienthistoricalinformationforprediction.
However,averylargehistorydaterangemaycontainnoiseandirrelevantinformation.
Thissuggeststheusefulnessofcombiningdifferenthistorygranularities.
InfluenceofStreamModelsWecomparethedifferentstreammodels.
LSTMVSisthevanillastreammodelLSTMSListheLSTMbasedstreammodelwithshortandlongtermhistoryLSTMHSisthehierarchicalLSTMstreammodelFinalResultsThefinalresultsonthetestdatasetareonthefollowing:Thankswangzq.
antony@gmail.
com,yue_zhang@sutd.
edu.
sg
,2006]BusinessImpactofDDoSAttacksAlmosthalf(45%)oftherespondentsindicatedtheirattacksThosehaving500ormoreemployeesaremostlikelytoexperienceaDDoSassaultTheaverageDDoScostcanbeassessedatabout$500,000AdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesProfileofanAttackDDoSassaultscomeinmanyshapesandsizes,soorganizationsmustbepreparedforanythinginordertoprotectthemselvesAdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesDDoSDetectiononCyberSecurityDomainTraditionally,theaimofaDDoSdetectionsystemistodetectmaliciouspackettrafficfromlegitimatetraffic[MirkovicandReiher,2004].
However,malicioustrafficoccursonlyafteraDDoSattackhasbegun,thereislimitedtimetopreventdamage.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackdetectForecastnotDetectThispaperinvestigatesthefeasibilityofforecastingthelikelihoodofDDoSattacksbeforetheyhappenbymonitoringsocialmediastream.
Ideally,ifthelikelihoodofDDoSattackscanbeforecasted,itcanbeusedtoguideconfigurationofaDDoSdetectionanddefensesystemoveracertainperiodoftime.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackforecastAssumptionsofForecastingOurmotivationisthattheattackedtargetsmaybementionedunfavorablyorarousenegativesentimentsinsocialmediatext.
DDoSForecastonTweetStreamOurtaskistopredictwhetheraDDoSeventislikelyoccurinthenextday,giventhetweetstreamoverahistoricalperiodrelatedtothemonitoredtarget.
Todayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiIfnextdaywillhappenattackChallengeofModelingTextStreamInputisatextstreamratherthanadocumentAnidealmodelshouldcapturetweet-levelinformationstream-levelinformationburstinesssentimentoverhistoryTodayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiHowtoorganizethetextstreaminformationNeuralStreamModelsTweetmodelrepresentstext-levelfeaturesbasedonthetweetcontentDistributedWordEmbeddingslearnsrepresentationofeachwordDaymodelcapturesdailytweetrepresentationsStreammodelcapturesinformationoverthedailystreamhistoryTodayyesterday2ndday1stdayTargetidNpdNp-1d1StreamModel……DayModelTweetModelONp-1CNNCNNCNNCNNCNNCNNO1ONpt1t2tNd…t1t2tNd…t1t2…tNd…hDistributedWordEmbeddingsWerepresenteachwordwkwithbothcommonwordembeddingsandexplicitsentimentembeddings.
AtweettjismappedintoamatrixWeusethesentiment-enrichedembedding[Tangetal.
,2014]ofwordsinsentimentlexiconsasasentimentalrepresentationoftweettjTweetModelWeuseaCNNtoconstructthetweetmodel,representingtext-levelfeaturesforindividualtweets.
Theinputisthesequenceofwordsoftweetti,andtheoutputisavectorrepresentationofthetweetw1wN…Day-levelSubModelWetreatallrelevanttweetsinadayasaunit,anduseaCNNtoextractaunifieddailyrepresentationvector.
…StreamModelsWeusestreammodelstocapturetextstreaminformationontopofthedaymodel.
isusetodenotethestreammodeloutput.
Streammodel…hStreamModels(cont.
)AsimplestreammodelcanbeaonelayerLSTMonthedailytweetsequencedirectly.
MoresophisticatedmodelsonthefollowingcanbeexploitedbycapturingricherfeaturesoveratextstreamVanillaStreamModelShort-andLong-TermStreamModelHierarchicalStreamModelVanillaStreamModelAsabaseline,wemodelatweetstreambyusinganLSTMtorecurrentlycapturedailytweethistory.
Formally,givenfromthedaymodel,weobtainacorrespondingsequenceofhiddenstatevectorswhere,DrawbacksofVanillaStreamModelThevanillastreammodeldoesnotexplicitlymodelthedifferencebetweenshortandlongtermhistories,whichcanbeusefulfortwomajorreasons:acontrastbetweenshortandlongtermhistorycanrevealburstinessandtrends.
therelativeimportanceoflongertermhistoryshouldbesmallercomparedtothatofshortertermhistory.
Short-andLong-TermStreamModelToaddressthedrawbacksofvanillastreammodel,wedevelopastreammodelthatcapturesshort-termandlong-termhistoriesseparatelywithdifferentLSTMs.
long-termhistoryshort-termhistoryShort-andLong-TermStreamModel(cont.
)WeeklyLSTMmodelisusedtocaptureshort-termhistory{d7,d6,.
.
.
,d1}.
Thehiddenstatevectorsare:MonthlyLSTMmodelisusedtocapturelong-termhistory{d30,d29,.
.
.
,d1}.
Thehiddenstatevectorsare:Thestatevectorsoftheweeklyandmonthlymodelsareconcatenatedwiththedailystatevectorintoasinglevector:long-termshort-termlastdayHierarchicalStreamModelAdrawbackoftheShort-andLong-TermModelaboveisthatthesizeofutilizinghistoryislimitedto30days.
Weproposeafine-grainedstackedLSTMmodel,arrangingdaily,weekly,andmonthlyhistoryintoahierarchicalstructure,tocaptureinfinitelylonghistorywithoutlosingshortandlongtermdifference.
HierarchicalStreamModel(cont.
)Day-levelisthesameasthevanillasequencemodel,whichmapsthedailytweetrepresentationintoahiddenstatesequenceHierarchicalStreamModel(cont.
)Week-levelisstackedontopoftheday-levelmodel,takingthesequenceofhiddenstatevectorsofevery7days,namelyasinput.
Theweeklyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Month-levelisstackedontopoftheweek-levelmodel,takingthesequenceofhiddenstatevectorsofevery4weeks,asinput.
Themonthlyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Thehierarchicalstatevectorsareconcatenatedintoasinglevector,whichisfedtothepredictionmodel.
PredictionSubModelWeuseasoftmaxclassifiertopredicttheattacklabelybasedonh,wherelabelprobabilitiesarecalculatedas:DataCollectionDDoSEventCollection.
ADDoSeventcanbedefinedasatriplet(e,t,d),wheree,t,ddenoteevent,targetanddate,respectively.
wecollectthesethreetypesofinformationfromddosattacks.
net.
weobtain170gold-standardeventsbasedonasemi-automaticprocess.
Eacheventturnsouttohaveauniquetarget.
ExampleeventtriplesDataCollection(cont.
)EventRelatedTweetsCollection.
Thetargetnamesareusedaskeywordstosearchandcollecttherelatedtweets.
HistorytweetdataarecollectedfromAugust,2015toApril,2016thesamespanforcollectingDDoSnewsevent.
Foreachtarget,wecollectabout200postspermonth,obtaining17760tweetsrelatedtoallthe170targets.
NOTEweonlycollectthosetweetswhichmentionatargetexplicitlyinordertomakesurethatthetweetsarerelatedtothetarget.
ExperimentalSettingsTraining&TestingData.
Weuse80randomtargetsfortraining,60fordevelopment,andtheremaining30fortesting.
Positive&NegativeSamples.
Foreachtarget,thereisexactlyonedayinthedatasetwhenaDDoSattackoccurred,whichisregardedasapositivesample.
theremainingdaysareconsiderednegativesamples.
Metric.
Weusetheareaundertheprecision-recallcurve(AUC)[DavisandGoadrich,2006].
ExperimentonImbalancedDataOurdatasetishighlyimbalanced,withtheratiobetweenpositiveandnegativesamplesbeingverysmall.
Weinvestigatefourtypicalstrategiestoaddresstheissue.
under-sampling-1,usingonesampleofnegativedataforeachpositivedata.
Itoutperformsallotherapproaches.
Itisusedinthefollowingsubsections.
CorrelationbetweenTweetsandDDoSEventsWeuseasetofvanillastreammodelstoverifythecorrelationbetweenhistorytweetsandDDoSevents.
Neg-Term-countmeanscountthenegativewordsfromtweetseachday,forecastinganattackifthenumberofnegativewordsislargerthanathreshold.
SVMisabasicSVMmodelwithbag-of-wordfeatures.
SVM-embuseswordembeddingsvectorsforSVMfeatures.
SVM-emb-sentiusesbothcommonwordembeddingandsentiment-enrichedembeddings.
LSTM-embistheproposedvanillastreammodelusingwordembeddings.
LSTM-sentiisthevanillastreammodelwithsentimentenrichedwordembeddings.
LSTM-emb-sentiisthevanillastreammodelwithbothcommonwordembeddingandsentiment-enrichedembeddings.
CorrelationbetweenTweetsandDDoSEvents(cont.
)IstextusefulforDDoSforecastingalltext-basedmodelsoutperformtherandombaselinesignificantly,whichdemonstratesthattextfromsocialmediaisindeedinformativeforDDoSforecast.
UsefulfactorssentimentinformationhighlyusefulforDDoSeventforecasting.
LSTMcanleveragenon-localsemanticinformationforsentencerepresentationbeyondsentimentsignals.
InfluenceofDateRangeIfthedaterangeistoosmall,thestreammodelcannotcapturesufficienthistoricalinformationforprediction.
However,averylargehistorydaterangemaycontainnoiseandirrelevantinformation.
Thissuggeststheusefulnessofcombiningdifferenthistorygranularities.
InfluenceofStreamModelsWecomparethedifferentstreammodels.
LSTMVSisthevanillastreammodelLSTMSListheLSTMbasedstreammodelwithshortandlongtermhistoryLSTMHSisthehierarchicalLSTMstreammodelFinalResultsThefinalresultsonthetestdatasetareonthefollowing:Thankswangzq.
antony@gmail.
com,yue_zhang@sutd.
edu.
sg
- sentimentddos相关文档
- 报告ddos
- 报告初稿完成时间:2016
- 爬虫ddos
- 攻击ddos
- Configurationddos
- deviceddos
DediPath($1.40),OpenVZ架构 1GB内存
DediPath 商家成立时间也不过三五年,商家提供的云服务器产品有包括KVM和OPENVZ架构的VPS主机。翻看前面的文章有几次提到这个商家其中机房还是比较多的。其实对于OPENVZ架构的VPS主机以前我们是遇到比较多,只不过这几年很多商家都陆续的全部用KVM和XEN架构替代。这次DediPath商家有基于OPENVZ架构提供低价的VPS主机。这次四折的促销活动不包括512MB内存方案。第一、D...
宝塔面板批量设置站点404页面
今天遇到一个网友,他在一个服务器中搭建有十几个网站,但是他之前都是采集站点数据很大,但是现在他删除数据之后希望设置可能有索引的文章给予404跳转页面。虽然他程序有默认的404页面,但是达不到他引流的目的,他希望设置统一的404页面。实际上设置还是很简单的,我们找到他是Nginx还是Apache,直接在引擎配置文件中设置即可。这里有看到他采用的是宝塔面板,直接在他的Nginx中设置。这里我们找到当前...
HTTPS加密协议端口默认是多少且是否支持更换端口访问
看到群里网友们在讨论由于不清楚的原因,有同学的网站无法访问。他的网站是没有用HTTPS的,直接访问他的HTTP是无法访问的,通过PING测试可以看到解析地址已经比较乱,应该是所谓的DNS污染。其中有网友提到采用HTTPS加密证书试试。因为HTTP和HTTPS走的不是一个端口,之前有网友这样测试过是可以缓解这样的问题。这样通过将网站绑定设置HTTPS之后,是可以打开的,看来网站的80端口出现问题,而...
ddos为你推荐
-
vpsvps什么意思国外空间租用国内和海外空间 域名 服务器托管 租用免费国内空间跪求国内最好的免费空间!美国vps主机听说美国vps主机性能不错,没用过,想听听各位的意见~国内ip代理找一个好用的国内电信IP代理?美国网站空间购买美国网站空间使用会不会麻烦呢,网站空间购买国内网站空间购买哪里的比较实惠啊?网站空间购买网站空间购买注意事项100m网站空间网站空间100M指多大免费网站空间申请需要一个免费的网站空间申请地址。