DDoS Attack Detection Method Based on Combination Correlation Degree and Random Forest
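  • English title: DDoS Attack Detection Method Based on Combination Correlation Degree and Random Forest
  • Authors: 李梦洋; 唐湘滟; 程杰仁; 刘译夫
  • Authors (English): LI Mengyang; TANG Xiangyan; CHENG Jieren; LIU Yifu; Key Laboratory of Internet Information Retrieval of Hainan Province, Hainan University; College of Information Science and Technology, Hainan University; State Key Laboratory of Marine Resource Utilization in South China Sea
  • Keywords: DDoS attack detection; network flow feature extraction; genetic algorithm optimization; random forest
  • Keywords (English): DDoS attack detection; network flow feature extraction; optimization by genetic algorithm; random forest
  • Journal name (Chinese): ZZDZ
  • Journal name (English): Journal of Zhengzhou University (Natural Science Edition)
  • Institutions: Key Laboratory of Internet Information Retrieval of Hainan Province, Hainan University; College of Information Science and Technology, Hainan University; State Key Laboratory of Marine Resource Utilization in South China Sea, Hainan University
  • Publication date: 2018-12-21 18:15
  • Publisher: Journal of Zhengzhou University (Natural Science Edition)
  • Year: 2019
  • Issue: v.51
  • Funding: Natural Science Foundation of Hainan Province (617048, 2018CXTD333); National Natural Science Foundation of China (61762033, 61702539); Natural Science Foundation of Hunan Province (2018JJ3611); Zhejiang Province Public Welfare Technology Application Social Development Project (LGF18F020019); Hainan University Doctoral Start-up Fund (kyqd1328); Hainan University Youth Fund (qnjj14444); State Key Laboratory of Marine Resource Utilization in South China Sea project; Key Laboratory of Internet Information Retrieval of Hainan Province project
  • Language: Chinese
  • Pages: ZZDZ201902004
  • Page count: 7
  • CN: 02
  • ISSN: 41-1338/N
  • Classification number: 26-31+42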
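Abstract
A random forest (RF) DDoS attack detection method based on combination correlation degree is proposed. Based on the asymmetry and semi-interactivity of attack flows, the network flow combination correlation degree (CCD) is defined; it describes the characteristics of a network flow as a two-tuple of the address correlation statistics (ACS) feature and the unidirectional flow semi interaction (UFSI) degree. A genetic algorithm based on CCD feature sequences is then proposed to optimize two key parameters of the RF, the maximum number of decision trees and their maximum depth, and the parameter-optimized RF model is trained to produce a classification model for detecting attacks. Experimental results show that, compared with similar methods, the method has a higher accuracy rate, lower false alarm and missed alarm rates, and better robustness, and is suitable for detecting DDoS attacks in big data settings.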
        A DDoS attack detection method based on combination correlation and random forest (RF) was proposed. The network flow combination correlation degree (CCD) was defined based on the asymmetry and semi-interaction characteristics of attack flows, and a two-tuple of address correlation statistics (ACS) and unidirectional flow semi interaction (UFSI) was used as the feature of the network flow in CCD. A genetic algorithm with the CCD feature sequences was then used to optimize two key parameters of the RF, namely the maximum number of decision trees and the maximum depth of a decision tree. The RF model with optimized parameters was then trained to produce a classification model for DDoS attack detection. The experiments suggested that the proposed method was suitable for detecting DDoS attacks in a big data environment, with a higher accuracy rate, lower false alarm rate, and lower missing alarm rate than existing DDoS attack detection methods.
