Computer and Modernization

• Information Security

A Low-rate DDoS Attack Detection Method Based on BiLSTM

  1. (1. College of Computer Science and Technology, Guizhou University, Guiyang 550025, China;
    2. Guizhou Provincial Key Laboratory of Public Big Data, Guiyang 550025, China)
  • Received: 2020-01-19 Online: 2020-05-20 Published: 2020-05-21
  • About the authors: JIANG Wanming (born 1995), male, from Zunyi, Guizhou, master's student, research interest: network and information security, E-mail: hyrzjwm@163.com; GUO Chun (born 1986), male, from Shaoyang, Hunan, associate professor, Ph.D., research interest: network and information security, E-mail: gc_gzedu@163.com; JIANG Chaohui (born 1965), male, from Guang'an, Sichuan, professor, master's degree, research interest: network and information security, E-mail: jiangchaohui@126.com.
  • Funding:
    Guizhou Provincial Science and Technology Program ([2017]1051, [2018]3001); Henan Provincial Key Science and Technology Research Program (182102210123)

Abstract: The low-rate distributed denial of service (LDDoS) attack is a new type of DDoS attack. Because it is low-rate, periodic and stealthy, it can evade traditional DDoS attack detection techniques and is harder to detect and defend against. This paper proposes an LDDoS attack detection method that combines feature selection with a bidirectional long short-term memory (BiLSTM) neural network. The method uses the recursive feature elimination with stratified cross-validation (Recursive Feature Elimination CV, RFECV) feature selection algorithm to mine the optimal set of 11 features from bidirectional flows as the input to the neural network, and builds an LDDoS attack detection classifier based on the BiLSTM neural network model to perform the classification. Experimental results show that this method achieves a higher detection rate than the Kalman filter and NCAS algorithms, and lower false positive and false negative rates.

Key words: low-rate, DDoS, BiLSTM, feature selection

CLC number: