sentimentddos
ddos 时间:2021-01-03 阅读:()
DDoSEventForecastingusingTwitterDataZhongqingWang1,2andYueZhang21SoochowUniversity,China2SingaporeUniversityofTechnologyandDesignDDoSAttacksADistributedDenialofService(DDoS)attackemploysmultiplecompromisedsystemstointerruptorsuspendservicesofahostconnectedtotheInternet[Carletal.
,2006]BusinessImpactofDDoSAttacksAlmosthalf(45%)oftherespondentsindicatedtheirattacksThosehaving500ormoreemployeesaremostlikelytoexperienceaDDoSassaultTheaverageDDoScostcanbeassessedatabout$500,000AdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesProfileofanAttackDDoSassaultscomeinmanyshapesandsizes,soorganizationsmustbepreparedforanythinginordertoprotectthemselvesAdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesDDoSDetectiononCyberSecurityDomainTraditionally,theaimofaDDoSdetectionsystemistodetectmaliciouspackettrafficfromlegitimatetraffic[MirkovicandReiher,2004].
However,malicioustrafficoccursonlyafteraDDoSattackhasbegun,thereislimitedtimetopreventdamage.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackdetectForecastnotDetectThispaperinvestigatesthefeasibilityofforecastingthelikelihoodofDDoSattacksbeforetheyhappenbymonitoringsocialmediastream.
Ideally,ifthelikelihoodofDDoSattackscanbeforecasted,itcanbeusedtoguideconfigurationofaDDoSdetectionanddefensesystemoveracertainperiodoftime.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackforecastAssumptionsofForecastingOurmotivationisthattheattackedtargetsmaybementionedunfavorablyorarousenegativesentimentsinsocialmediatext.
DDoSForecastonTweetStreamOurtaskistopredictwhetheraDDoSeventislikelyoccurinthenextday,giventhetweetstreamoverahistoricalperiodrelatedtothemonitoredtarget.
Todayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiIfnextdaywillhappenattackChallengeofModelingTextStreamInputisatextstreamratherthanadocumentAnidealmodelshouldcapturetweet-levelinformationstream-levelinformationburstinesssentimentoverhistoryTodayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiHowtoorganizethetextstreaminformationNeuralStreamModelsTweetmodelrepresentstext-levelfeaturesbasedonthetweetcontentDistributedWordEmbeddingslearnsrepresentationofeachwordDaymodelcapturesdailytweetrepresentationsStreammodelcapturesinformationoverthedailystreamhistoryTodayyesterday2ndday1stdayTargetidNpdNp-1d1StreamModel……DayModelTweetModelONp-1CNNCNNCNNCNNCNNCNNO1ONpt1t2tNd…t1t2tNd…t1t2…tNd…hDistributedWordEmbeddingsWerepresenteachwordwkwithbothcommonwordembeddingsandexplicitsentimentembeddings.
AtweettjismappedintoamatrixWeusethesentiment-enrichedembedding[Tangetal.
,2014]ofwordsinsentimentlexiconsasasentimentalrepresentationoftweettjTweetModelWeuseaCNNtoconstructthetweetmodel,representingtext-levelfeaturesforindividualtweets.
Theinputisthesequenceofwordsoftweetti,andtheoutputisavectorrepresentationofthetweetw1wN…Day-levelSubModelWetreatallrelevanttweetsinadayasaunit,anduseaCNNtoextractaunifieddailyrepresentationvector.
…StreamModelsWeusestreammodelstocapturetextstreaminformationontopofthedaymodel.
isusetodenotethestreammodeloutput.
Streammodel…hStreamModels(cont.
)AsimplestreammodelcanbeaonelayerLSTMonthedailytweetsequencedirectly.
MoresophisticatedmodelsonthefollowingcanbeexploitedbycapturingricherfeaturesoveratextstreamVanillaStreamModelShort-andLong-TermStreamModelHierarchicalStreamModelVanillaStreamModelAsabaseline,wemodelatweetstreambyusinganLSTMtorecurrentlycapturedailytweethistory.
Formally,givenfromthedaymodel,weobtainacorrespondingsequenceofhiddenstatevectorswhere,DrawbacksofVanillaStreamModelThevanillastreammodeldoesnotexplicitlymodelthedifferencebetweenshortandlongtermhistories,whichcanbeusefulfortwomajorreasons:acontrastbetweenshortandlongtermhistorycanrevealburstinessandtrends.
therelativeimportanceoflongertermhistoryshouldbesmallercomparedtothatofshortertermhistory.
Short-andLong-TermStreamModelToaddressthedrawbacksofvanillastreammodel,wedevelopastreammodelthatcapturesshort-termandlong-termhistoriesseparatelywithdifferentLSTMs.
long-termhistoryshort-termhistoryShort-andLong-TermStreamModel(cont.
)WeeklyLSTMmodelisusedtocaptureshort-termhistory{d7,d6,.
.
.
,d1}.
Thehiddenstatevectorsare:MonthlyLSTMmodelisusedtocapturelong-termhistory{d30,d29,.
.
.
,d1}.
Thehiddenstatevectorsare:Thestatevectorsoftheweeklyandmonthlymodelsareconcatenatedwiththedailystatevectorintoasinglevector:long-termshort-termlastdayHierarchicalStreamModelAdrawbackoftheShort-andLong-TermModelaboveisthatthesizeofutilizinghistoryislimitedto30days.
Weproposeafine-grainedstackedLSTMmodel,arrangingdaily,weekly,andmonthlyhistoryintoahierarchicalstructure,tocaptureinfinitelylonghistorywithoutlosingshortandlongtermdifference.
HierarchicalStreamModel(cont.
)Day-levelisthesameasthevanillasequencemodel,whichmapsthedailytweetrepresentationintoahiddenstatesequenceHierarchicalStreamModel(cont.
)Week-levelisstackedontopoftheday-levelmodel,takingthesequenceofhiddenstatevectorsofevery7days,namelyasinput.
Theweeklyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Month-levelisstackedontopoftheweek-levelmodel,takingthesequenceofhiddenstatevectorsofevery4weeks,asinput.
Themonthlyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Thehierarchicalstatevectorsareconcatenatedintoasinglevector,whichisfedtothepredictionmodel.
PredictionSubModelWeuseasoftmaxclassifiertopredicttheattacklabelybasedonh,wherelabelprobabilitiesarecalculatedas:DataCollectionDDoSEventCollection.
ADDoSeventcanbedefinedasatriplet(e,t,d),wheree,t,ddenoteevent,targetanddate,respectively.
wecollectthesethreetypesofinformationfromddosattacks.
net.
weobtain170gold-standardeventsbasedonasemi-automaticprocess.
Eacheventturnsouttohaveauniquetarget.
ExampleeventtriplesDataCollection(cont.
)EventRelatedTweetsCollection.
Thetargetnamesareusedaskeywordstosearchandcollecttherelatedtweets.
HistorytweetdataarecollectedfromAugust,2015toApril,2016thesamespanforcollectingDDoSnewsevent.
Foreachtarget,wecollectabout200postspermonth,obtaining17760tweetsrelatedtoallthe170targets.
NOTEweonlycollectthosetweetswhichmentionatargetexplicitlyinordertomakesurethatthetweetsarerelatedtothetarget.
ExperimentalSettingsTraining&TestingData.
Weuse80randomtargetsfortraining,60fordevelopment,andtheremaining30fortesting.
Positive&NegativeSamples.
Foreachtarget,thereisexactlyonedayinthedatasetwhenaDDoSattackoccurred,whichisregardedasapositivesample.
theremainingdaysareconsiderednegativesamples.
Metric.
Weusetheareaundertheprecision-recallcurve(AUC)[DavisandGoadrich,2006].
ExperimentonImbalancedDataOurdatasetishighlyimbalanced,withtheratiobetweenpositiveandnegativesamplesbeingverysmall.
Weinvestigatefourtypicalstrategiestoaddresstheissue.
under-sampling-1,usingonesampleofnegativedataforeachpositivedata.
Itoutperformsallotherapproaches.
Itisusedinthefollowingsubsections.
CorrelationbetweenTweetsandDDoSEventsWeuseasetofvanillastreammodelstoverifythecorrelationbetweenhistorytweetsandDDoSevents.
Neg-Term-countmeanscountthenegativewordsfromtweetseachday,forecastinganattackifthenumberofnegativewordsislargerthanathreshold.
SVMisabasicSVMmodelwithbag-of-wordfeatures.
SVM-embuseswordembeddingsvectorsforSVMfeatures.
SVM-emb-sentiusesbothcommonwordembeddingandsentiment-enrichedembeddings.
LSTM-embistheproposedvanillastreammodelusingwordembeddings.
LSTM-sentiisthevanillastreammodelwithsentimentenrichedwordembeddings.
LSTM-emb-sentiisthevanillastreammodelwithbothcommonwordembeddingandsentiment-enrichedembeddings.
CorrelationbetweenTweetsandDDoSEvents(cont.
)IstextusefulforDDoSforecastingalltext-basedmodelsoutperformtherandombaselinesignificantly,whichdemonstratesthattextfromsocialmediaisindeedinformativeforDDoSforecast.
UsefulfactorssentimentinformationhighlyusefulforDDoSeventforecasting.
LSTMcanleveragenon-localsemanticinformationforsentencerepresentationbeyondsentimentsignals.
InfluenceofDateRangeIfthedaterangeistoosmall,thestreammodelcannotcapturesufficienthistoricalinformationforprediction.
However,averylargehistorydaterangemaycontainnoiseandirrelevantinformation.
Thissuggeststheusefulnessofcombiningdifferenthistorygranularities.
InfluenceofStreamModelsWecomparethedifferentstreammodels.
LSTMVSisthevanillastreammodelLSTMSListheLSTMbasedstreammodelwithshortandlongtermhistoryLSTMHSisthehierarchicalLSTMstreammodelFinalResultsThefinalresultsonthetestdatasetareonthefollowing:Thankswangzq.
antony@gmail.
com,yue_zhang@sutd.
edu.
sg
,2006]BusinessImpactofDDoSAttacksAlmosthalf(45%)oftherespondentsindicatedtheirattacksThosehaving500ormoreemployeesaremostlikelytoexperienceaDDoSassaultTheaverageDDoScostcanbeassessedatabout$500,000AdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesProfileofanAttackDDoSassaultscomeinmanyshapesandsizes,soorganizationsmustbepreparedforanythinginordertoprotectthemselvesAdaptedfromMatthew.
(2014).
Incapsulasurvey:WhatDDoSAttacksReallyCostBusinessesDDoSDetectiononCyberSecurityDomainTraditionally,theaimofaDDoSdetectionsystemistodetectmaliciouspackettrafficfromlegitimatetraffic[MirkovicandReiher,2004].
However,malicioustrafficoccursonlyafteraDDoSattackhasbegun,thereislimitedtimetopreventdamage.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackdetectForecastnotDetectThispaperinvestigatesthefeasibilityofforecastingthelikelihoodofDDoSattacksbeforetheyhappenbymonitoringsocialmediastream.
Ideally,ifthelikelihoodofDDoSattackscanbeforecasted,itcanbeusedtoguideconfigurationofaDDoSdetectionanddefensesystemoveracertainperiodoftime.
Todayyesterday2daybefore3daybefore4daybefore…TargetiattackforecastAssumptionsofForecastingOurmotivationisthattheattackedtargetsmaybementionedunfavorablyorarousenegativesentimentsinsocialmediatext.
DDoSForecastonTweetStreamOurtaskistopredictwhetheraDDoSeventislikelyoccurinthenextday,giventhetweetstreamoverahistoricalperiodrelatedtothemonitoredtarget.
Todayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiIfnextdaywillhappenattackChallengeofModelingTextStreamInputisatextstreamratherthanadocumentAnidealmodelshouldcapturetweet-levelinformationstream-levelinformationburstinesssentimentoverhistoryTodayyesterday2daybefore3daybefore4daybefore…TweetsTweetsTweetsTweetsTargetiHowtoorganizethetextstreaminformationNeuralStreamModelsTweetmodelrepresentstext-levelfeaturesbasedonthetweetcontentDistributedWordEmbeddingslearnsrepresentationofeachwordDaymodelcapturesdailytweetrepresentationsStreammodelcapturesinformationoverthedailystreamhistoryTodayyesterday2ndday1stdayTargetidNpdNp-1d1StreamModel……DayModelTweetModelONp-1CNNCNNCNNCNNCNNCNNO1ONpt1t2tNd…t1t2tNd…t1t2…tNd…hDistributedWordEmbeddingsWerepresenteachwordwkwithbothcommonwordembeddingsandexplicitsentimentembeddings.
AtweettjismappedintoamatrixWeusethesentiment-enrichedembedding[Tangetal.
,2014]ofwordsinsentimentlexiconsasasentimentalrepresentationoftweettjTweetModelWeuseaCNNtoconstructthetweetmodel,representingtext-levelfeaturesforindividualtweets.
Theinputisthesequenceofwordsoftweetti,andtheoutputisavectorrepresentationofthetweetw1wN…Day-levelSubModelWetreatallrelevanttweetsinadayasaunit,anduseaCNNtoextractaunifieddailyrepresentationvector.
…StreamModelsWeusestreammodelstocapturetextstreaminformationontopofthedaymodel.
isusetodenotethestreammodeloutput.
Streammodel…hStreamModels(cont.
)AsimplestreammodelcanbeaonelayerLSTMonthedailytweetsequencedirectly.
MoresophisticatedmodelsonthefollowingcanbeexploitedbycapturingricherfeaturesoveratextstreamVanillaStreamModelShort-andLong-TermStreamModelHierarchicalStreamModelVanillaStreamModelAsabaseline,wemodelatweetstreambyusinganLSTMtorecurrentlycapturedailytweethistory.
Formally,givenfromthedaymodel,weobtainacorrespondingsequenceofhiddenstatevectorswhere,DrawbacksofVanillaStreamModelThevanillastreammodeldoesnotexplicitlymodelthedifferencebetweenshortandlongtermhistories,whichcanbeusefulfortwomajorreasons:acontrastbetweenshortandlongtermhistorycanrevealburstinessandtrends.
therelativeimportanceoflongertermhistoryshouldbesmallercomparedtothatofshortertermhistory.
Short-andLong-TermStreamModelToaddressthedrawbacksofvanillastreammodel,wedevelopastreammodelthatcapturesshort-termandlong-termhistoriesseparatelywithdifferentLSTMs.
long-termhistoryshort-termhistoryShort-andLong-TermStreamModel(cont.
)WeeklyLSTMmodelisusedtocaptureshort-termhistory{d7,d6,.
.
.
,d1}.
Thehiddenstatevectorsare:MonthlyLSTMmodelisusedtocapturelong-termhistory{d30,d29,.
.
.
,d1}.
Thehiddenstatevectorsare:Thestatevectorsoftheweeklyandmonthlymodelsareconcatenatedwiththedailystatevectorintoasinglevector:long-termshort-termlastdayHierarchicalStreamModelAdrawbackoftheShort-andLong-TermModelaboveisthatthesizeofutilizinghistoryislimitedto30days.
Weproposeafine-grainedstackedLSTMmodel,arrangingdaily,weekly,andmonthlyhistoryintoahierarchicalstructure,tocaptureinfinitelylonghistorywithoutlosingshortandlongtermdifference.
HierarchicalStreamModel(cont.
)Day-levelisthesameasthevanillasequencemodel,whichmapsthedailytweetrepresentationintoahiddenstatesequenceHierarchicalStreamModel(cont.
)Week-levelisstackedontopoftheday-levelmodel,takingthesequenceofhiddenstatevectorsofevery7days,namelyasinput.
Theweeklyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Month-levelisstackedontopoftheweek-levelmodel,takingthesequenceofhiddenstatevectorsofevery4weeks,asinput.
Themonthlyhiddenstatevectorsare:HierarchicalStreamModel(cont.
)Thehierarchicalstatevectorsareconcatenatedintoasinglevector,whichisfedtothepredictionmodel.
PredictionSubModelWeuseasoftmaxclassifiertopredicttheattacklabelybasedonh,wherelabelprobabilitiesarecalculatedas:DataCollectionDDoSEventCollection.
ADDoSeventcanbedefinedasatriplet(e,t,d),wheree,t,ddenoteevent,targetanddate,respectively.
wecollectthesethreetypesofinformationfromddosattacks.
net.
weobtain170gold-standardeventsbasedonasemi-automaticprocess.
Eacheventturnsouttohaveauniquetarget.
ExampleeventtriplesDataCollection(cont.
)EventRelatedTweetsCollection.
Thetargetnamesareusedaskeywordstosearchandcollecttherelatedtweets.
HistorytweetdataarecollectedfromAugust,2015toApril,2016thesamespanforcollectingDDoSnewsevent.
Foreachtarget,wecollectabout200postspermonth,obtaining17760tweetsrelatedtoallthe170targets.
NOTEweonlycollectthosetweetswhichmentionatargetexplicitlyinordertomakesurethatthetweetsarerelatedtothetarget.
ExperimentalSettingsTraining&TestingData.
Weuse80randomtargetsfortraining,60fordevelopment,andtheremaining30fortesting.
Positive&NegativeSamples.
Foreachtarget,thereisexactlyonedayinthedatasetwhenaDDoSattackoccurred,whichisregardedasapositivesample.
theremainingdaysareconsiderednegativesamples.
Metric.
Weusetheareaundertheprecision-recallcurve(AUC)[DavisandGoadrich,2006].
ExperimentonImbalancedDataOurdatasetishighlyimbalanced,withtheratiobetweenpositiveandnegativesamplesbeingverysmall.
Weinvestigatefourtypicalstrategiestoaddresstheissue.
under-sampling-1,usingonesampleofnegativedataforeachpositivedata.
Itoutperformsallotherapproaches.
Itisusedinthefollowingsubsections.
CorrelationbetweenTweetsandDDoSEventsWeuseasetofvanillastreammodelstoverifythecorrelationbetweenhistorytweetsandDDoSevents.
Neg-Term-countmeanscountthenegativewordsfromtweetseachday,forecastinganattackifthenumberofnegativewordsislargerthanathreshold.
SVMisabasicSVMmodelwithbag-of-wordfeatures.
SVM-embuseswordembeddingsvectorsforSVMfeatures.
SVM-emb-sentiusesbothcommonwordembeddingandsentiment-enrichedembeddings.
LSTM-embistheproposedvanillastreammodelusingwordembeddings.
LSTM-sentiisthevanillastreammodelwithsentimentenrichedwordembeddings.
LSTM-emb-sentiisthevanillastreammodelwithbothcommonwordembeddingandsentiment-enrichedembeddings.
CorrelationbetweenTweetsandDDoSEvents(cont.
)IstextusefulforDDoSforecastingalltext-basedmodelsoutperformtherandombaselinesignificantly,whichdemonstratesthattextfromsocialmediaisindeedinformativeforDDoSforecast.
UsefulfactorssentimentinformationhighlyusefulforDDoSeventforecasting.
LSTMcanleveragenon-localsemanticinformationforsentencerepresentationbeyondsentimentsignals.
InfluenceofDateRangeIfthedaterangeistoosmall,thestreammodelcannotcapturesufficienthistoricalinformationforprediction.
However,averylargehistorydaterangemaycontainnoiseandirrelevantinformation.
Thissuggeststheusefulnessofcombiningdifferenthistorygranularities.
InfluenceofStreamModelsWecomparethedifferentstreammodels.
LSTMVSisthevanillastreammodelLSTMSListheLSTMbasedstreammodelwithshortandlongtermhistoryLSTMHSisthehierarchicalLSTMstreammodelFinalResultsThefinalresultsonthetestdatasetareonthefollowing:Thankswangzq.
antony@gmail.
com,yue_zhang@sutd.
edu.
sg
- sentimentddos相关文档
- 报告ddos
- 报告初稿完成时间:2016
- 爬虫ddos
- 攻击ddos
- Configurationddos
- deviceddos
RAKsmart 黑色星期五云服务器七折优惠 站群服务器首月半价
一年一度的黑色星期五和网络星期一活动陆续到来,看到各大服务商都有发布促销活动。同时RAKsmart商家我们也是比较熟悉的,这次是继双十一活动之后的促销活动。在活动产品中基本上沿袭双11的活动策略,比如有提供云服务器七折优惠,站群服务器首月半价、还有新人赠送红包等活动。如果我们有需要RAKsmart商家VPS、云服务器、独立服务器等产品的可以看看他们家的活动。这次活动截止到11月30日。第一、限时限...
TNAHosting($5/月)4核/12GB/500GB/15TB/芝加哥机房
TNAHosting是一家成立于2012年的国外主机商,提供VPS主机及独立服务器租用等业务,其中VPS主机基于OpenVZ和KVM架构,数据中心在美国芝加哥机房。目前,商家在LET推出芝加哥机房大硬盘高配VPS套餐,再次刷新了价格底线,基于OpenVZ架构,12GB内存,500GB大硬盘,支持月付仅5美元起。下面列出这款VPS主机配置信息。CPU:4 cores内存:12GB硬盘:500GB月流...
CheapWindowsVPS:7个机房可选全场5折,1Gbps不限流量每月4.5美元
CheapWindowsVPS是一家成立于2007年的老牌国外主机商,顾名思义,一个提供便宜的Windows系统VPS主机(同样也支持安装Linux系列的哈)的商家,可选数据中心包括美国洛杉矶、达拉斯、芝加哥、纽约、英国伦敦、法国、新加坡等等,目前商家针对VPS主机推出5折优惠码,优惠后最低4GB内存套餐月付仅4.5美元。下面列出几款VPS主机配置信息。CPU:2cores内存:4GB硬盘:60G...
ddos为你推荐
-
服务器租用武汉服务器租用,托管哪个公司好?域名备案查询网站备案查询海外域名求国外域名商列表虚拟空间哪个好虚拟内存一般设多大比较好?免费网站空间免费网站空间哪个好asp网站空间谁有能申请免费的ASP空间网站?1g虚拟主机1G虚拟空间大约多少钱?下载虚拟主机怎么安装虚拟机广西虚拟主机南宁有实力的网络公司推荐下?域名网电脑上的域名分别表示什么!