A Low-rate DDoS Attack Detection Method Based on BiLSTM

doi:10.3969/j.issn.1006-2475.2020.05.020

Abstract

Abstract: Low-rate distributed denial of service (LDDoS) attack is a new type of DDoS attack. Because of its characteristics of low-rate, periodicity and concealment, it avoids the traditional detection technology of DDoS attack and is more difficult to be detected and defended. This paper proposes a LDDoS attack detection method based on feature selection and bidirectional long short term memory (BiLSTM) neural network. In this method, recursive feature elimination CV (REFCV) feature selection algorithm of layered cross validation is used to mine the optimal 11 feature sets in two-way flow as input to the neural network, and a LDDoS attack detection classifier based on BiLSTM neural network model is established for classification, which achieves the purpose of LDDoS attack detection. Experimental results show that this method has higher detection rate than Kalman filter and NCAS algorithm, and lower false positive rate and false negative rate.

Key words: low-rate, DDoS, BiLSTM, feature selection

CLC Number:

TP393.08

JIANG Wan-ming1,2, GUO Chun1,2, JIANG Chao-hui1,2. A Low-rate DDoS Attack Detection Method Based on BiLSTM[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2020.05.020.

References ［23］

［1］	KUZMANOVIC A, KNIGHTLY E W. Low-rate TCP-targeted denial of service attacks: The shrew vs. the mice and elephants［C］// Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. 2003:75-86.
［2］	KUZMANOVIC A, KNIGHTLY E W. Low-rate TCP-targeted denial of service attacks and counter strategies［J］. IEEE/ACM Transactions on Networking, 2006,14(4):683-696.
［3］	文坤,杨家海,张宾. 低速率拒绝服务攻击研究与进展综述［J］. 软件学报, 2014,25(3):591-605.
［4］	张长旺,殷建平,蔡志平,等. 基于拥塞参与度的分布式低速率DoS攻击检测过滤方法［J］. 计算机工程与科学, 2010,32(7):49-52.
［5］	XIANG Y, LI K, ZHOU W L. Low-rate DDoS attacks detection and traceback by using new information metrics［J］. IEEE Transactions on Information Forensics and Security, 2011,6(2):426-437.〖HJ1.25mm〗
［6］	JADHAV P N, PATIL B M. Low-rate DDOS attack detection using optimal objective entropy method［J］. International Journal of Computer Applications, 2013,78(3):33-38.
［7］	SIMSEK M. A new metric for flow-level filtering of low-rate DDoS attacks［J］. Security and Communication Networks, 2015,8(18):3815-3825.
［8］	HOQUE N, BHATTACHARYYA D K, KALITA J K. FFSc: A novel measure for low-rate and high-rate DDoS attack detection using multivariate data analysis［J］. Security and Communication Networks, 2016,9(13):2032-2041.
［9］	ZHOU L, LIAO M C, YUAN C, et al. Low-rate DDoS attack detection using expectation of packet size［J］. Security and Communication Networks, 2017, DOI: 10.1155/2017/3691629.
［10］	KAUR G, SAXENA V, GUPTA J P. Detection of TCP targeted high bandwidth attacks using self-similarity［J］. Journal of King Saud University: Computer and Information Sciences, 2020,32(1):35-49.
［11］	何炎祥,曹强,刘陶,等. 一种基于小波特征提取的低速率DoS检测方法［J］. 软件学报, 2009,20(4):930-941.
［12］	FENG Y K, HORI Y, SAKURAI K, et al. A behavior-based detection method for outbreaks of low-rate attacks［C］// Proceedings of the 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet. 2012:267-272.
［13］	TANG D, CHEN K, CHEN X S, et al. A new collaborative detection method for LDoS attacks［J］. Journal of Networks, 2014,9(10):2674-2681.
［14］	COTAE P, KANG M, VELAZQUEZ A. Spectral analysis of low rate of denial of service attacks detection based on Fisher and Siegel tests［C］// Proceedings of the 2016 IEEE International Conference on Communications. 2016, DOI: 10.1109/ICC.2016.7510884.
［15］	WU Z J, ZHANG L Y, YUE M. Low-rate DoS attacks detection based on network multifractal［J］. IEEE Transactions on Dependable and Secure Computing, 2016,13(5):559-567.
［16］	SALAMEA C R, D’HARO L F, CORDOBA R. Language recognition using neural phone embeddings and RNNLMs［J］. IEEE Latin America Transactions, 2018,16(7):2033-2039.
［17］	KHAN A, SARFARAZ A. RNN-LSTM-GRU based language transformation［J］. Soft Computing, 2019,23(24):13007-13024.
［18］	NICHOLAS L, OOI S Y, PANG Y H, et al. Study of long short-term memory in flow-based network intrusion detection system［J］. Journal of Intelligent and Fuzzy Systems, 2018,35(6):5947-5957.
［19］	GitHub. CICFlowMeter［EB/OL］. ［2019-11-21］. https://github.com/ahlashkari/CICFlowMeter.
［20］	魏贞原. 机器学习: Python实践［M］. 北京:电子工业出版社, 2018:71-74.
［21］	李洋,董红斌. 基于CNN和BiLSTM网络特征融合的文本情感分析［J］. 计算机应用, 2018,38(11):3075-3080.
［22］	CHEN Y, HWANG K, KWOK Y K. Collaborative defense against periodic shrew DDoS attacks in frequency domain［J］. ACM Transactions on Information and System Security, 2005.
［23］	吴志军,岳猛. 基于卡尔曼滤波的LDDoS攻击检测方法［J］. 电子学报, 2008,36(8):1590-1594.

[1]	ZHENG Li-rui, XIAO Xiao-xia, ZOU Bei-ji, LIU Bin, ZHOU Zhan. Named Entity Recognition in Electronic Medical Record Based on BERT [J]. Computer and Modernization, 2024, 0(01): 87-91.
[2]	WEI Xin, HE Xiao-hai, TENG Qi-zhi, QING Lin-bo, CHEN Hong-gang. Event Extraction Method Based on BERT-BiLSTM-Attention Hybrid Model [J]. Computer and Modernization, 2023, 0(04): 26-31.
[3]	ZHU Ya-jun, Yong Tso, Nyima Tashi, . Tibetan Medical Entity Recognition Based on Tibetan BERT [J]. Computer and Modernization, 2023, 0(01): 43-48.
[4]	WANG Yang, CHEN Mei, LI Hui. FOCoR: A Course Recommendation Approach Based on Feature Selection Optimization [J]. Computer and Modernization, 2022, 0(10): 1-7.
[5]	ZHAO Ying-li, ZHU Xu. Association Analysis of Image Genetic Data Based on Group Sparse Joint Leraning [J]. Computer and Modernization, 2022, 0(08): 43-49.
[6]	MO Yun. EEG Decoding Method Based on Hybrid Feature Selection [J]. Computer and Modernization, 2022, 0(04): 92-96.
[7]	ZHAO Yan-ping, WANG Fang, XIA Yang. Short Text Classification Method Based on Support Vector Machine [J]. Computer and Modernization, 2022, 0(02): 92-96.
[8]	WANG Yun-qian, WANG Yi-song, CHEN Pan-feng, ZOU Long. Named Entity Recognition of Medicinal Plant Texts Integrated with Attention Mechanism [J]. Computer and Modernization, 2021, 0(11): 100-105.
[9]	ZHANG Dong-fang, CHEN Hai-yan, YUAN Li-gang. S2R2: Semi-supervised Feature Selection Based on Analysis of Relevance and Redundancy [J]. Computer and Modernization, 2021, 0(09): 113-120.
[10]	DAI Ji-peng, SHAO Feng-jing, SUN Ren-cheng. Short Text Classification Based on Improved CHI and TF-IDF [J]. Computer and Modernization, 2021, 0(06): 6-11.
[11]	CHEN Si-yu, ZHUANG Yi, LI Jing. Multi Feature Load Forecasting Model for LSTM Network in Mobile Cloud Computing [J]. Computer and Modernization, 2021, 0(06): 74-85.
[12]	YANG Qiu-liang, WANG Yu, YANG Xing-li, LI Ji-hong. Classification of Ground-based Meteorological Cloud Images Based on Feature Selection Technique of Mutual Information F-statistics [J]. Computer and Modernization, 2021, 0(02): 18-23.
[13]	WANG Wen-wei, XIAO Jun-bi, CHENG Peng, ZHANG Yue. SDN-based DDoS Attack Defense System [J]. Computer and Modernization, 2021, 0(02): 117-121.
[14]	XU Meng-di, WANG Jin-hua. Requirements Document Named Entity Recognition Based on Deep Learning and Grammatical Regulations [J]. Computer and Modernization, 2021, 0(01): 105-110.
[15]	HOU Jia-zheng, ZHANG Shao-yang, YU Kun. Algorithm of Answer Sentence Selection Based on Q and A Interaction [J]. Computer and Modernization, 2021, 0(01): 120-126.