Acta Electronica Sinica ›› 2022, Vol. 50 ›› Issue (2): 508-512. DOI: 10.12263/DZXB.20210009
ZHOU Yi-tao1,2, ZHANG Bin1,2, LIU Zi-hao3
Received: 2020-12-22
Revised: 2021-11-12
Online: 2022-02-25
Published: 2022-02-25
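Abstract:
To further improve the accuracy of application-layer DDoS attack detection, this paper proposes an application-layer DDoS detection model that combines traffic features with user-behavior features and whose parameters can be updated efficiently. To process the heterogeneous traffic and user-behavior data in a unified way, a multimodal deep learning (MDL) neural network extracts deep traffic and user-behavior features from network traffic and web logs, and these features are fed into an aggregation deep neural network for detection. To reduce catastrophic forgetting when the MDL neural network's parameters are updated, a penalty term based on the Elastic Weight Consolidation (EWC) algorithm is added for important model parameters during the update, which preserves detection accuracy on the initial training dataset while improving detection performance on the new dataset. Finally, the K-Means algorithm is used to obtain clusters of the model's initial training dataset, and the samples in the new dataset that fall outside these clusters are selected for the parameter update, which prevents the EWC algorithm from failing when the data are too highly correlated. Experiments show that the proposed application-layer DDoS detection model reaches a detection accuracy of 98.2% and that its parameter update performance is better than that of the MLP_Whole method.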
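The K-Means screening step described in the abstract, as an added example that is not the authors' code: cluster the initial training set, then pass only out-of-cluster new samples on to the EWC-penalised update. The two-feature samples, the first-k-points seeding and the cluster boundary (distance of the farthest member from its centroid) are assumptions; the abstract does not state how "outside the clusters" is decided.

```python
import math

def nearest(p, centroids):
    """Return (index, distance) of the centroid closest to p."""
    dists = [math.dist(p, c) for c in centroids]
    i = min(range(len(dists)), key=dists.__getitem__)
    return i, dists[i]

def kmeans(points, k, iters=20):
    """Lloyd's K-Means; seeded with the first k points so runs are repeatable."""
    centroids = [list(p) for p in points[:k]]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(p, centroids)[0]].append(p)
        for i, g in enumerate(groups):
            if g:  # an empty cluster keeps its previous centroid
                centroids[i] = [sum(axis) / len(g) for axis in zip(*g)]
    return centroids

def cluster_radii(points, centroids):
    """Assumed boundary: each cluster reaches as far as its farthest member."""
    radii = [0.0] * len(centroids)
    for p in points:
        i, d = nearest(p, centroids)
        radii[i] = max(radii[i], d)
    return radii

def select_for_update(new_points, centroids, radii):
    """Keep only new samples lying outside every initial-training cluster."""
    return [p for p in new_points
            if all(math.dist(p, c) > r for c, r in zip(centroids, radii))]

# Constructed samples: (normalised request rate, normalised session length).
OLD = [(0, 0), (10, 10), (0, 1), (1, 0), (1, 1), (10, 11), (11, 10), (11, 11)]
NEW = [(0.5, 0.6), (10.4, 10.5), (5, 5), (20, 0)]

def demo():
    centroids = kmeans(OLD, k=2)
    radii = cluster_radii(OLD, centroids)
    return centroids, select_for_update(NEW, centroids, radii)

if __name__ == "__main__":
    centroids, picked = demo()
    print("centroids:", centroids)
    print("samples passed to the EWC update:", picked)
```

The two new samples that sit inside the existing clusters are dropped because they are highly correlated with data the model has already seen; only the two out-of-cluster samples remain for the update.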
ZHOU Yi-tao, ZHANG Bin, LIU Zi-hao. Application Layer DDoS Detection Model Based on Multimodal Deep Learning Neural Network[J]. Acta Electronica Sinica, 2022, 50(2): 508-512.
| Scenario | Method | Dataset_Old Accuracy/% | Dataset_Old AUC | Dataset_Old F1 | Dataset_New Accuracy/% | Dataset_New AUC | Dataset_New F1 | Update time/s | Update memory/MB |
|---|---|---|---|---|---|---|---|---|---|
| Scenario 1 | MLP_Whole | 97.01 | 0.978 9 | 0.907 8 | 98.66 | 0.987 1 | 0.993 1 | 718.53 | 11 874.22 |
| Scenario 1 | MLP_New | 96.68 | 0.977 5 | 0.899 9 | 99.43 | 0.999 1 | 0.996 8 | 128.28 | 7 467.34 |
| Scenario 1 | EWC-UD | 97.05 | 0.979 8 | 0.909 5 | 99.54 | 0.999 2 | 0.997 5 | 143.32 | 8 541.24 |
| Scenario 2 | MLP_Whole | 97.02 | 0.984 4 | 0.908 9 | 98.51 | 0.879 4 | 0.992 3 | 161.93 | 8 330.96 |
| Scenario 2 | MLP_New | 54.75 | 0.932 0 | 0.428 7 | 99.78 | 0.999 5 | 0.998 9 | 36.16 | 3 771.53 |
| Scenario 2 | EWC-UD | 95.32 | 0.976 6 | 0.865 0 | 99.73 | 0.999 3 | 0.998 6 | 38.45 | 5 697.93 |

Table 1 Performance of the detection-model parameter update methods
| Sampling ratio | Average accuracy/% (K-Means) | Average accuracy/% (Normal) | F1-Score (K-Means) | F1-Score (Normal) | Recall/% (K-Means) | Recall/% (Normal) | Precision/% (K-Means) | Precision/% (Normal) |
|---|---|---|---|---|---|---|---|---|
| 1% | 95.89 | 90.99 | 0.940 1 | 0.892 7 | 92.62 | 80.77 | 95.45 | 83.85 |
| 2% | 96.13 | 86.80 | 0.925 9 | 0.757 6 | 93.04 | 82.22 | 92.14 | 74.54 |
| 3% | 92.79 | 87.82 | 0.876 7 | 0.704 8 | 93.30 | 83.98 | 83.56 | 73.54 |
| 4% | 96.93 | 68.67 | 0.922 7 | 0.367 7 | 92.62 | 44.27 | 95.45 | 31.71 |
| 5% | 91.07 | 66.56 | 0.844 2 | 0.283 9 | 93.26 | 24.86 | 77.15 | 20.01 |

Table 2 Performance validation of the K-Means data screening method