基于K均值多重主成分分析的App-DDoS检测方法

doi:10.3969/j.issn.1000-436x.2014.05.003

Abstract

Abstract:

Aiming at the application layer distributed deny of service(App-DDoS) attacks, a K-means multiple principal component analysis algorithm(KMPCAA) utilizing the Web log mining was proposed, then an App-DDoS detection method based on KMPCAA was presented. Firstly, a statistical properties feature extracting method was designed by ana-lyzing the difference between normal users' and attackers' access behavior. Secondly, a k-means multiple principal com-ponent analysis algorithm was proposed by using the maximum distance classification method according to the data di-mension reduction property of the principal component analysis, and then the testing model based on the algorithm was established. Finally, an App-DDoS attack detection experiment on the CTI-DATA dataset and the simulated attack data-set was conducted. In this experiment, the proposed method was compared with the fuzzy synthetical evaluation (FSE) algorithm, the hidden semi-Markov model (HsMM) detection algorithm and the dempster-shafer evidence theory (D-S) algorithm. Experimental results demonstrate that the KMPCAA detection algorithm has better detection performance.

Key words: application layer, network attack, principal component analysis, means clustering, log

Hong-yu YANG,Yuan CHANG. App-DDoS detection method based on K-means multiple principal component analysis[J]. Journal on Communications, 2014, 35(5): 16-24.

Figures/Tables 12

References 19

[1]	第30次中国互联网络发展状况统计报告[R]．中国互联网络信息中心, 2012.The 30th China Internet Network Development State Statistic Re-port[R]. China Internet Network Information Center, 2012.
[2]	张鹏 . Arbor Pravail APS：专注抵御应用层DDoS攻击[J]. 通信世界， 2011:41. ZHANG P . Arbor Pravail APS: focus on the application layer DDoS attack[J]. Communications World Weekly, 2011:41.
[3]	2011年中国互联网网络安全态势综述[R]．国家计算机网络应用技术处理协调中心， 2012.In 2011 China's Internet Network Security Situation Were Re-viewed[R]. National Computer Network Application Technology Proc-essing Coordination Center, 2012.
[4]	龙士工，赵梦龙 . 基于可信度的App-DDoS攻击的分布式流量控制模型[J]. 信息安全， 2009,25(3-3): 75-76,302. LONG S G , ZHAO M L . Distributed flow control model of the App -DDoS attacks based on the credibility[J]. Information Security, 2009,25(3-3): 75-76,302.
[5]	魏兵，徐震 . 基于验证机制的应用层DDoS攻击防御方法[J]. 计算机工程与设计， 2010,(31)2: 231-234. WEI B , XU Z . Defense approach against application level DDoS at-tacks based on authentication mechanism[J]. Computer Engineering and Design, 2010,(31)2: 231-234.
[6]	张苒 . 基于权重队列的HTTP DDoS防范技术研究[J]. 辽宁师专学报， 2007,9(4): 40-42. ZHANG R . Based on the weight of queue HTTP DDoS prevention technology research[J]. Journal of Liaoning Teachers College, 2007,9(4): 40-42.
[7]	赵国锋，喻守成，文晟 . 基于用户行为分析的应用层 DDoS 攻击检测方法[J]. 计算机应用研究， 2011,28(2): 717-719. ZHAO G F , YU S C , WEN C . Detecting application-layer DDoS at-tack based on analysis of users'behaviors[J]. Application Research of Computers, 2011,28(2): 717-719.
[8]	郁继锋 . 基于数据挖掘的Web应用入侵异常检测研究[D]. 武汉：华中科技大学, 2011. YU J F . Research on Anomaly Intrusion Detection of Web Application Based on Data Mining[D]. Wuhan： Huazhong University of Science and Technology, 2011.
[9]	张烜 . 基于应用层的DDoS 攻击检测防御技术研究[D]. 北京：北京邮电大学, 2009. ZHANG H . Based on Application Layer DDoS Attack Detection De-Fense Technology Research[D]. Beijing： Beijing University of Posts and Telecommunications, 2009.
[10]	毛丽玮 . 基于BP神经网络的产能建设单井效益评价研究[D]. 青岛：中国石油大学(华东), 2012. MAO L W . Research into the Evaluation of Oil Well Performance in Productivity Construction Based on the BP Neural Network[D]. Qingdao： China university of Petroleum(East China), 2012.
[11]	王秀芳，王岩 . 优化K均值随机初始中点的改进算法[J]. 化工自动化及仪表， 2012,39(10): 1302-1304. WANG X F , WANG Y . Optimize K-means random initial midpoint algorithm[J]. Chemical industry automation and instrumentation, 2012,39(10): 1302-1304.
[12]	谢逸，余顺争 . 基于Web用户浏览行为的统计异常检测[J]. 软件学报， 2007,18(4): 967-977. XIE Y , YU S Z . A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors[J]. IEEE/ACM Trans Netw, 2009,17(1): 54-65.
[13]	KHATTAB S , GOBRIEL S , MELHEM R , et al. Live baiting for ser-vice-level DoS attackers[A]. Proc of the Infocom[C]. 2008. 682-690.
[14]	徐鹏 . 通用应用层 DDoS 检测防护模型的研究[D]. 南京：南京理工大学, 2008. XV P . General Protective Model of Application Layer DDoS Detec-tion[D]. Nanjing： Nanjing University of Science and Technology, 2008.
[15]	谢亚 . 基于模糊综合评判的应用层 DDOS 攻击检测方法研究[D]. 成都：西南交通大学, 2012. XIE Y . Research on Anomaly Intrusion Detection of Web Application Based on Data Mining[D]. Chengdu： Southwest Jiaotong University, 2009.
[16]	张伟，范宽，张梦媛 . 基于D-S证据理论应用层DDOS攻击检测[J]. 江苏科技大学学报(自然科学版), 2012,26(3): 295-299. ZHANG W , FAN K , ZHANG M Y An application layer DDoS attack detection method based on D-S evidence theory[J]. Journal of Jiangsu University of Science and Technology(Natural Science Edition), 2012,26(3): 295-299.
[17]	LEE S , SUNG J , KIM D . Incremental update of linear appearance models and its application to AAM: incremental AAM[A]. Lecture Notes Computer Science[C]. Victoria B C, Canada, 2007. 538-547.
[18]	YATAGAI T , ISOHARA T , SASASE I . Detection of HTTP-GET flood attack based on analysis of page access behavior[A]. Proceedings IEEE Pacific RIM Conference on Communications. Computers and Signal Processing[C]. Victoria B C, Canada, 2007. 232-235.
[19]	XUAN Y , SHIN I , THAIMT E T A L . Detecting application de-nial-of-service attacks: a group-testing-based approach[J]. IEEE Trans on Parallel and Distributed Systems, 2010,21(8): 1203-1216.

Metrics

Recommended 0

No Suggested Reading articles found!

文件名称	内容
cti_cod.txt	所有Web页面
cti_nav.txt	会话预处理信息
cti_std.txt	会话—页面时长矩阵
cti_tra.txt	会话访问无重复序列
cti_stats.txt	原始数据记录的统计信息

数据集名称	请求数目	会话数	页面数
dataSet_train	58361	9674	411
dataSet_normal_test	20146	4071	233

数据集名称	请求数目	会话数	页面数
dataSet_attack_test	29418	5000	53

重要参数	设定值
隶属度函数边界值[a,c]	0～7
权重矩阵一致性指标CR	0.1
权重矩阵元素标度范围	1～9

重要参数	设定值
序列长度阈值T0	50
正常度范围	-3～-7
阈值判断的左右阈值	-12.3～-2.2

App-DDoS detection method based on K-means multiple principal component analysis

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 19

Related Articles 15

Metrics

Recommended 0

重要参数	设定值
平均请求时间间隔参数x	0.9
置信度区间	0.0689～0.1478

攻击类型	40线程/间隔7秒				80线程/间隔4秒				120线程/间隔1秒
攻击类型	KMPCAA	FSE	HsMM	D-S	KMPCAA	FSE	HsMM	D-S	KMPCAA	FSE	HsMM	D-S
主页面攻击	58.4	55.4	55.5	70.8	87.6	83.4	81.7	78.1	85.2	83.4	87.1	80.8
随机页面攻击	55.5	50.2	59.3	68.3	84.7	68.2	86.5	75.6	90.3	70.4	89.9	82.3
主流页面攻击	57.1	58	53.4	62.1	86.3	83	79.6	69.4	91.9	88.0	85.0	76.1
重复序列发送	54.2	55.2	59.0	55.0	83.4	74.2	85.2	72.3	89.6	75.2	90.6	79
平均检测率	56.3	57.2	57.1	64.6	85.5	75.2	83.3	73.9	89.1	82.2	87.7	80.6

数据集名称	请求数目x	会话数	页面数
高访问量	x＞10	1203	53
中访问量	5≤x＜10	2355	181
低访问量	x＜5	713	26

误报率	检测算法
误报率	KMPCAA	FSE	HsMM	D-S
高访问量	5.1	7.1	5.3	8.8
中访问量	3.5	5.2	3.9	4.7
低访问量	1.1	1.4	0.9	2.2
平均	4.1	5.6	4.3	6.5

[1]	Jingbo LI, Li MA, Yang LI, Yingxun FU, Dongchao MA. Optimized design of sensing transmission and computing collaborative industrial Internet [J]. Journal on Communications, 2023, 44(6): 12-22.
[2]	Yingze LIU, Yuanbo GUO, Chen FANG, Yongfei LI, Qingli CHEN. Intelligent planning method for cyber defense strategies based on bounded rationality [J]. Journal on Communications, 2023, 44(5): 52-63.
[3]	Guoliang XU, Feng TAN, Yongyi RAN, Feng CHEN. Joint beam hopping and coverage control optimization algorithm for multibeam satellite system [J]. Journal on Communications, 2023, 44(4): 78-86.
[4]	Xin SUN, Guifu ZHANG, Hongyan XING, Wang Zenghui. Research on intrusion detection for maritime meteorological sensor network based on balancing generative adversarial network [J]. Journal on Communications, 2023, 44(4): 124-136.
[5]	Zhongyong WANG, Zhenghao LI, Kexian GONG, Peng SUN, Qingtao LI. Reconstruction of LDPC code check matrix based on random extraction at high bit error rate [J]. Journal on Communications, 2023, 44(3): 128-137.
[6]	Jian SHU, Jiawei SHI, Linlan LIU, Al-Kali Manar. Topology prediction for opportunistic network based on spatiotemporal convolution [J]. Journal on Communications, 2023, 44(3): 145-156.
[7]	Yi GUO, Yiqing WANG, Yuanyuan FAN, Gang LIU. OFDM transmission scheme with subcarrier supply index modulation [J]. Journal on Communications, 2023, 44(2): 104-111.
[8]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[9]	Shengbao WANG, Xin ZHOU, Kang WEN, Bosen WENG. Tripartite authenticated key exchange protocol for smart grid [J]. Journal on Communications, 2023, 44(2): 210-218.
[10]	Qihan ZHANG, Xiaoxue GONG, Rui LI, Xin LI, Shanguo HUANG, Lei GUO. All-optical pattern matching system of 42 Gbit/s 4-bit BPSK signals and its demonstration for optoelectronic firewall [J]. Journal on Communications, 2022, 43(7): 31-40.
[11]	Yanfei SUN, Jiazheng YIN, Jin QI, Xiaoxuan HU, Mengting CHEN, Zhenjiang DONG. Topology control based on dynamic graph embedding in Internet of vehicles [J]. Journal on Communications, 2022, 43(6): 133-142.
[12]	Hua REN, Shaozhang NIU, Ruyong REN, Zhen YUE. Research on meaningful image encryption algorithm based on 2-dimensional compressive sensing [J]. Journal on Communications, 2022, 43(5): 45-57.
[13]	Xiaofeng FENG, Jianfeng XU, Chuan HE. Dynamic generalized principal component analysis with applications to fault subspace modeling [J]. Journal on Communications, 2022, 43(5): 92-101.
[14]	Jingge FENG, Yeping HE, Qiuming TAO. Auto-vectorization: recent development and prospect [J]. Journal on Communications, 2022, 43(3): 180-195.
[15]	Hongyu YANG, Haihang YUAN, Liang ZHANG. Host security assessment method based on attack graph [J]. Journal on Communications, 2022, 43(2): 89-99.