一种基于BiLSTM的低速率DDoS攻击检测方法

doi:10.3969/j.issn.1006-2475.2020.05.020

计算机与现代化 ›› 2020, Vol. 0 ›› Issue (05): 120-.doi: 10.3969/j.issn.1006-2475.2020.05.020

• 信息安全 • 上一篇

一种基于BiLSTM的低速率DDoS攻击检测方法

(1.贵州大学计算机科学与技术学院，贵州贵阳550025;2.贵州省公共大数据重点实验室，贵州贵阳550025)

收稿日期:2020-01-19 出版日期:2020-05-20 发布日期:2020-05-21
作者简介:蒋万明(1995-)，男，贵州遵义人，硕士研究生，研究方向：网络与信息安全，E-mail: hyrzjwm@163.com; 郭春(1986-)，男，湖南邵阳人，副教授，博士，研究方向：网络与信息安全，E-mail: gc_gzedu@163.com; 蒋朝惠(1965-)，男，四川广安人，教授，硕士，研究方向：网络与信息安全，E-mail: jiangchaohui@126.com。
基金资助:
贵州省科技计划项目(［2017］1051, ［2018］3001); 河南省科技攻关计划项目(182102210123)

A Low-rate DDoS Attack Detection Method Based on BiLSTM

(1. College of Computer Science and Technology, Guizhou University, Guiyang 550025, China;
2. Guizhou Provincial Key Laboratory of Public Big Data, Guiyang 550025, China)

Received:2020-01-19 Online:2020-05-20 Published:2020-05-21

摘要/Abstract

摘要： 低速率分布式拒绝服务（Low-rate Distributed Denial of Service, LDDoS）攻击是一种新型的DDoS攻击方式，因其具有低速率、周期性和隐蔽性等特点，可躲避传统的DDoS攻击检测技术，更加难于检测和防御。本文提出一种基于特征选择和双向长短期记忆（Bidirectional Long Short Term Memory, BiLSTM）神经网络结合的LDDoS攻击检测方法。该方法使用分层交叉验证的递归特征消除（Recursive Feature Elimination CV, REFCV）特征选择算法挖掘双向流中最优的11个特征集合作为神经网络的输入，建立基于BiLSTM神经网络模型的LDDoS攻击检测分类器进行分类，达到LDDoS攻击检测的目的。实验结果表明该方法比卡尔曼滤波和NCAS算法有较高的检测率，误报率和漏报率都很低。

关键词: 低速率, DDoS, BiLSTM, 特征选择

Abstract: Low-rate distributed denial of service (LDDoS) attack is a new type of DDoS attack. Because of its characteristics of low-rate, periodicity and concealment, it avoids the traditional detection technology of DDoS attack and is more difficult to be detected and defended. This paper proposes a LDDoS attack detection method based on feature selection and bidirectional long short term memory (BiLSTM) neural network. In this method, recursive feature elimination CV (REFCV) feature selection algorithm of layered cross validation is used to mine the optimal 11 feature sets in two-way flow as input to the neural network, and a LDDoS attack detection classifier based on BiLSTM neural network model is established for classification, which achieves the purpose of LDDoS attack detection. Experimental results show that this method has higher detection rate than Kalman filter and NCAS algorithm, and lower false positive rate and false negative rate.

Key words: low-rate, DDoS, BiLSTM, feature selection

中图分类号:

TP393.08

蒋万明1,2，郭春1,2，蒋朝惠1,2. 一种基于BiLSTM的低速率DDoS攻击检测方法[J]. 计算机与现代化, 2020, 0(05): 120-.

JIANG Wan-ming1,2, GUO Chun1,2, JIANG Chao-hui1,2. A Low-rate DDoS Attack Detection Method Based on BiLSTM[J]. Computer and Modernization, 2020, 0(05): 120-.

参考文献

［1］ KUZMANOVIC A, KNIGHTLY E W. Low-rate TCP-targeted denial of service attacks: The shrew vs. the mice and elephants［C］// Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. 2003:75-86.
［2］ KUZMANOVIC A, KNIGHTLY E W. Low-rate TCP-targeted denial of service attacks and counter strategies［J］. IEEE/ACM Transactions on Networking, 2006,14(4):683-696.
［3］文坤,杨家海,张宾. 低速率拒绝服务攻击研究与进展综述［J］. 软件学报, 2014,25(3):591-605.
［4］张长旺,殷建平,蔡志平,等. 基于拥塞参与度的分布式低速率DoS攻击检测过滤方法［J］. 计算机工程与科学, 2010,32(7):49-52.
［5］ XIANG Y, LI K, ZHOU W L. Low-rate DDoS attacks detection and traceback by using new information metrics［J］. IEEE Transactions on Information Forensics and Security, 2011,6(2):426-437.〖HJ1.25mm〗
［6］ JADHAV P N, PATIL B M. Low-rate DDOS attack detection using optimal objective entropy method［J］. International Journal of Computer Applications, 2013,78(3):33-38.
［7］ SIMSEK M. A new metric for flow-level filtering of low-rate DDoS attacks［J］. Security and Communication Networks, 2015,8(18):3815-3825.
［8］ HOQUE N, BHATTACHARYYA D K, KALITA J K. FFSc: A novel measure for low-rate and high-rate DDoS attack detection using multivariate data analysis［J］. Security and Communication Networks, 2016,9(13):2032-2041.
［9］ ZHOU L, LIAO M C, YUAN C, et al. Low-rate DDoS attack detection using expectation of packet size［J］. Security and Communication Networks, 2017, DOI: 10.1155/2017/3691629.
［10］KAUR G, SAXENA V, GUPTA J P. Detection of TCP targeted high bandwidth attacks using self-similarity［J］. Journal of King Saud University: Computer and Information Sciences, 2020,32(1):35-49.
［11］何炎祥,曹强,刘陶,等. 一种基于小波特征提取的低速率DoS检测方法［J］. 软件学报, 2009,20(4):930-941.
［12］FENG Y K, HORI Y, SAKURAI K, et al. A behavior-based detection method for outbreaks of low-rate attacks［C］// Proceedings of the 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet. 2012:267-272.
［13］TANG D, CHEN K, CHEN X S, et al. A new collaborative detection method for LDoS attacks［J］. Journal of Networks, 2014,9(10):2674-2681.
［14］COTAE P, KANG M, VELAZQUEZ A. Spectral analysis of low rate of denial of service attacks detection based on Fisher and Siegel tests［C］// Proceedings of the 2016 IEEE International Conference on Communications. 2016, DOI: 10.1109/ICC.2016.7510884.
［15］WU Z J, ZHANG L Y, YUE M. Low-rate DoS attacks detection based on network multifractal［J］. IEEE Transactions on Dependable and Secure Computing, 2016,13(5):559-567.
［16］SALAMEA C R, D’HARO L F, CORDOBA R. Language recognition using neural phone embeddings and RNNLMs［J］. IEEE Latin America Transactions, 2018,16(7):2033-2039.
［17］KHAN A, SARFARAZ A. RNN-LSTM-GRU based language transformation［J］. Soft Computing, 2019,23(24):13007-13024.
［18］NICHOLAS L, OOI S Y, PANG Y H, et al. Study of long short-term memory in flow-based network intrusion detection system［J］. Journal of Intelligent and Fuzzy Systems, 2018,35(6):5947-5957.
［19］GitHub. CICFlowMeter［EB/OL］. ［2019-11-21］. https://github.com/ahlashkari/CICFlowMeter.
［20］魏贞原. 机器学习: Python实践［M］. 北京:电子工业出版社, 2018:71-74.
［21］李洋,董红斌. 基于CNN和BiLSTM网络特征融合的文本情感分析［J］. 计算机应用, 2018,38(11):3075-3080.
［22］CHEN Y, HWANG K, KWOK Y K. Collaborative defense against periodic shrew DDoS attacks in frequency domain［J］. ACM Transactions on Information and System Security, 2005.
［23］吴志军,岳猛. 基于卡尔曼滤波的LDDoS攻击检测方法［J］. 电子学报, 2008,36(8):1590-1594.

[1]	赵盾1, 佘学兵2, 邬昌兴3. 基于BERT-BiLSTM-CRF党建领域命名实体识别[J]. 计算机与现代化, 2024, 0(09): 91-94.
[2]	苏凯旋. 基于改进XGBoost模型的网络入侵检测研究[J]. 计算机与现代化, 2024, 0(06): 109-114.
[3]	罗澍寰, 孙武, 游杰, 王伟, 胡必伟, 姜南. 基于可见-近红外光谱法无损检测梨总酸含量[J]. 计算机与现代化, 2024, 0(05): 80-84.
[4]	魏鑫, 何小海, 滕奇志, 卿粼波, 陈洪刚. 基于BERT-BiLSTM-Attention混合模型的事件抽取方法[J]. 计算机与现代化, 2023, 0(04): 26-31.
[5]	王扬, 陈梅, 李晖. FOCoR:一种基于特征选择优化的课程推荐技术[J]. 计算机与现代化, 2022, 0(10): 1-7.
[6]	赵迎利, 朱旭. 基于组稀疏联合学习的影像遗传学数据关联分析[J]. 计算机与现代化, 2022, 0(08): 43-49.
[7]	莫云. 基于混合特征选择的脑电解码方法[J]. 计算机与现代化, 2022, 0(04): 92-96.
[8]	赵延平, 王芳, 夏杨. 基于支持向量机的短文本分类方法[J]. 计算机与现代化, 2022, 0(02): 92-96.
[9]	王运乾, 王以松, 陈攀峰, 邹龙. 融合注意力机制的药用植物文本命名实体识别[J]. 计算机与现代化, 2021, 0(11): 100-105.
[10]	张东方, 陈海燕, 袁立罡. S2R2:基于相关性与冗余性分析的半监督特征选择[J]. 计算机与现代化, 2021, 0(09): 113-120.
[11]	代继鹏, 邵峰晶, 孙仁诚. 基于改进CHI和TF-IDF的短文本分类的研究[J]. 计算机与现代化, 2021, 0(06): 6-11.
[12]	陈丝雨, 庄毅, 李静. 基于LSTM网络的移动云计算多元负载预测模型[J]. 计算机与现代化, 2021, 0(06): 74-85.
[13]	杨秋良, 王钰, 杨杏丽, 李济洪. 基于互信息F统计量特征选择技术的地基气象云图分类[J]. 计算机与现代化, 2021, 0(02): 18-23.
[14]	侯佳正, 张绍阳, 鱼昆. 基于问答交互的答案句选择算法[J]. 计算机与现代化, 2021, 0(01): 120-126.
[15]	彦逸，李波，陈守明，林强，黄巨涛，温柏坚. 一种面向反馈网络的因果特征选择算法及其应用[J]. 计算机与现代化, 2019, 0(12): 95-.

一种基于BiLSTM的低速率DDoS攻击检测方法

A Low-rate DDoS Attack Detection Method Based on BiLSTM

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价