基于偏二叉树SVM多分类算法的应用层DDoS检测方法

doi:10.11959/j.issn.2096-109x.2018020

Abstract

Abstract:

As it ignored the detection of ramp-up and pulsing type of application layer DDoS (App-DDoS) attacks in existing flow-based App-DDoS detection methods,an effective detection method for multi-type App-DDoS was proposed.Firstly,in order to fast count the number of HTTP GET for users and further support the calculation of feature parameters applied in detection method,the indexes of source IP address in multiple time windows were constructed by the approach of Hash function.Then the feature parameters by combining SVM classifiers with the structure of partial binary tree were trained hierarchically,and the App-DDoS detection method was proposed with the idea of traversing binary tree and feedback learning to distinguish non-burst normal flow,burst normal flow and multi-type App-DDoS flows.The experimental results show that compared with the conventional SVM-based and na?ve-Bayes-based detection methods,the proposed method has more excellent detection performance and can distinguish specific App-DDoS types through subdividing attack types and training detection model layer by layer.

Key words: App-DDoS attack, HTTP GET statistical model, flow feature parameter, SVM multi-classifier

CLC Number:

TP393

Bin ZHANG,Zihao LIU,Shuqin DONG,Lixun LI. App-DDoS detection method using partial binary tree based SVM algorithm[J]. Chinese Journal of Network and Information Security, 2018, 4(3): 24-34.

Figures/Tables 14

References 19

[1]	陈飞, 毕小红, 王晶晶 ,等. DDoS攻击防御技术发展综述[J]. 网络与信息安全学报, 2017,3(10): 16-24.
	CHEN F , BI X H , WANG J J ,et al. Survey of DDoS defense:challenges and directions[J]. Chinese Journal of Network and Information Security, 2017,3(10): 16-24.
[2]	SINGH K , SINGH P , KUMAR K . Application layer HTTP-GET flood DDoS attacks:research landscape and challenges[J]. Computer ＆ Security, 2016,65: 344-372.
[3]	李锦玲, 王斌强 . 基于最大频繁序列模式挖掘的 App-DDoS 攻击的异常检测[J]. 电子与信息学报, 2013,35(7): 1739-1745.
	LI J L , WANG B Q . Detecting App-DDoS attacks based on maximal frequent sequential pattern mining[J]. Journal of Electronics ＆Information Technology, 2013,35(7): 1739-1745.
[4]	SANGJAE L , GISUNG K , SEHUM K . Sequence-order- independent network profiling for detecting application layer DDoS attacks[J]. Eurasip Journal on Wireless Communication ＆ Networking, 2011,50(1): 1-9.
[5]	杨宏宇, 常媛 . 基于 K 均值多重主成分分析的 App-DDoS 检测方法[J]. 通信学报, 2014,35(5): 16-24.
	YANG H Y , CHANG Y . App-DDoS detection method based on K-means multiple principal component analysis[J]. Journal on Communications, 2014,35(5): 16-24.
[6]	YU S , THAPNGAM T , LIU J ,et al. Discriminating DDoS flows from flash crowds using information distance[C]// IEEE The 3rd International Conference on Network and System Security. 2009: 351-356.
[7]	LI K , ZHOU W L , LI P ,et al. Distinguishing DDoS attacks from flash crowds using probability metrics[C]// IEEE The 3rd International Conference on Network and System Security. 2009: 9-17.
[8]	YU S , ZHOU W L , JIA W J ,et al. Discriminating DDoS attacks from flash crowds using flow correlation coefficient[J]. IEEE Transactions on Parallel and Distributed Systems, 2012,23(6): 1073-1080.
[9]	SINGH KJ , THONGAM K , DE T . Entropy-based application layer DDoS attack detection using artificial neural networks[J].Entropy,2016:18(10),350-367. Entropy, 2016,18(10): 350-367.
[10]	NI T G , GUX Q , WANG H Y ,et al. Real-Time detection of applica tion-layer DDoS attack using time series analysis[J]. Journal of Control Science and Engineering, 2013(5): 1-6.
[11]	IRFAN S , AMIT M , VIBHAKAR M . Machine learning techniques used for the detection and analysis of morden types of DDoS attacks[J]. International Research Journal of Engineering and Technology, 2017,4(6): 16-24.
[12]	LIU L , JIN X L , MIN G Y ,et al. Anomaly diagnosis based on regression and classification analysis of statistical traffic features[J]. Security and Communication Networks, 2014,7: 1372-1383.
[13]	PAL R , KUMAR S , SHARMA R L . A detailed classification of flash events:client,server and network characteristics[C]// The International Conference on Computer Science ＆ Service System. 2012: 960-963.
[14]	杨新武, 马壮, 袁顺 . 基于弱分类器调整的多分类 Adaboost 算法[J]. 电子与信息学报, 2016,38(2): 373-380.
	YANG X W , MA Z , YUAN S . Multi-classification adaboost algorithm based on weak classifier adjustment[J]. Journal of Electronics＆ Information Technology, 2016,38(2): 373-380.
[15]	KANGS , CHOS Z , PILSUNG K . Constructing a multi-class classifier using one-against-one approach with different binary classifier[J]. Neurocomputing, 2015,149: 677-682.
[16]	SILVA C , RIBEIRO B . Multiclass ensemble of one-against-all SVM classifiers[C]// The International Symposium on Neural Networks. 2016: 531-539.
[17]	JINDAL A , DUA A , KAUR K ,et al. Decision tree and SVM-based data analytics for theft detection in smart grid[J]. IEEE Transactions on Industrial Informatics, 2016,12(3): 1005-1016.
[18]	CORTES C , VAPNIK V . Support vector networks[J]. Machine Learning, 1995,20: 273-297.
[19]	ITA. WorldCup98[DB/OL]. .

Metrics

Recommended 0

No Suggested Reading articles found!

数据集			负载			请求方式	子网规模
数据集	单位	阶段数	峰值	上升时间/min	稳定时间/min	请求方式	子网规模
ATD₁	Trans/s	6	120	9	1	Random	2 000
ATD₂	Trans/s	6	120	0	5	Random	2 000
ATD₃	Trans/s	6	120	0	10	Random	2000
ADD₁	Trans/s	6	150	8	2	Random	2 000
ADD₂	Trans/s	6	150	0	6	Random	2 000
ADD₃	Trans/s	6	150	0	10	Random	2 000

数据集	PBT-SVM	SVM	Navie Bayes
NDD₁	0	0	0
NDD₂	0	0	0
FDD₁	1.67%	3.33%	6.67%
FDD₂	3.33%	8.33%	6.67%
平均值	1.25%	2.92%	3.75%

数据集	PBT-SVM	SVM	Navie Bayes
ADD₁	96.67%	85.00%	83.33%
ADD₂	93.33%	86.67%	81.67%
ADD₃	100.00%	100.00%	100.00%
平均值	96.67%	90.56%	88.33%

App-DDoS detection method using partial binary tree based SVM algorithm

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 14

References 19

Related Articles 15

Metrics

Recommended 0

[1]	Kui REN, Quanrun MENG, Shoukun YAN, Zhan QIN. Survey of artificial intelligence data security and privacy protection [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 1-10.
[2]	Qingqing ZHANG, Hongbo TANG, Wei YOU, Yingle LI. Network function heterogeneous redundancy deployment method based on immune algorithm [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 46-56.
[3]	Tao ZHANG, Qianhong WU, Zongxun TANG. Bitcoin blockchain based information convert transmission [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 84-92.
[4]	Bin WANG, Liang CHEN, Yaguan QIAN, Yankai GUO, Qiqi SHAO, Jiamin WANG. Moving target defense against adversarial attacks [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 113-120.
[5]	Chunyu MIAO, Yuan FAN, Hui LI, Kaiqiang GE, Xiaomeng ZHANG. Secure data collection method of WSN based on mobile Sink [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 121-129.
[6]	Lu CHEN, Hongbo TANG, Wei YOU, Yi BAI. Research on security defense of mobile edge computing [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 130-142.
[7]	Cheng SUN, Hao HU, Yingjie YANG, Hongqi ZHANG. Two-layer threat analysis model integrating macro and micro [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 143-156.
[8]	Yingjun ZHANG,Ushangqi LI,Mu YANG,Haixia ZHANG,Kezhen HUANG. Survey on anomaly detection technology based on logs [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 1-12.
[9]	Xiaobing XIONG,Hui SHU,Fei KANG. Method of diversity software protection based on fusion compilation [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 13-24.
[10]	Xin ZHANG,Weizhong QIANG,Yueming WU,Deqing ZOU,Hai JIN. Mining behavior pattern of mobile malware with convolutional neural network [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 35-44.
[11]	Tianyu ZHOU,Wenbo SHEN,Nanzi YANG,Jinku LI,Chenggang QIN,Wang YU. Analysis of DoS attacks on Docker inter-component stdio copy [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 45-56.
[12]	Jingjing SHANG,Yujia ZHU,Qingyun LIU. Analysis of security extension protocol in e-mail system [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 69-79.
[13]	Biao WANG,Xingyang LIU,Ka XU,Wangyang LIU,Kenan WANG,Yuqing XIA. Research on national security risk assessment model of open government data [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 80-87.
[14]	Gang XIONG,Yuwei GE,Yanjie CHU,Weiquan CAO. Model of cyberspace threat early warning based on cross-domain and collaboration [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 88-96.
[15]	Qi WU,Hongchang CHEN. Low failure recovery cost controller placement strategy in software defined networks [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 97-104.