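1. Strategic Support Force Information Engineering University, Zhengzhou, Henan 450001
2. Henan Key Laboratory of Information Security, Zhengzhou, Henan 450001
3. Unit 61660, Beijing 100080
ZHOU Yi-tao, male, born in 1996 in Huaihua, Hunan. Master's degree, Information Engineering University. His main research interest is application-layer DDoS attack detection. E-mail: zyt1996715@163.com
ZHANG Bin, male, born in 1969 in Zhengzhou, Henan. Professor and doctoral supervisor at Information Engineering University. His main research interest is cyberspace security.
Received: 2020-12-22,
Revised: 2021-11-12,
Print publication: 2022-02-25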
ZHOU Yi-tao, ZHANG Bin, LIU Zi-hao. Application Layer DDoS Detection Model Based on Multimodal Deep Learning Neural Network[J]. ACTA ELECTRONICA SINICA, 2022, 50(02): 508-512. DOI: 10.12263/DZXB.20210009.
To further improve the accuracy of application-layer DDoS attack detection, an application-layer DDoS attack detection model is proposed that combines traffic and user behavior features and whose parameters can be updated efficiently. To handle the heterogeneous data of traffic and user behavior features in a unified way, a multimodal deep learning (MDL) neural network extracts deep traffic and user behavior features from data traffic and web logs, and these features are then fed into an aggregation deep neural network for detection. To reduce catastrophic forgetting when the MDL neural network parameters are updated, a penalty term is added to the important model parameters during the update, based on the elastic weight consolidation (EWC) algorithm, which improves detection performance on the new dataset while maintaining detection accuracy on the initial training dataset. Finally, the clusters of the initial training dataset are obtained with the K-Means algorithm, and the data in the new dataset that fall outside these clusters are selected for the parameter update, which prevents the EWC algorithm from failing because of overly high data correlation. Experiments show that the detection accuracy of the proposed application-layer DDoS detection model reaches 98.2%, and that its parameter update performance is better than that of the MLP_Whole method.
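The update procedure the abstract describes (K-Means clusters of the initial data, selection of out-of-cluster new samples, then an EWC-penalized parameter update) is sketched below as an added example; it is not the authors' code. The cluster boundary rule (farthest training member), the toy quadratic loss, the Fisher values, the sample points and all function names are assumptions made for illustration.

```python
import math

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, iters=20):
    """Plain K-Means; seeds are the first k points so the run is deterministic."""
    cents = [list(p) for p in points[:k]]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda j: dist(p, cents[j]))].append(p)
        cents = [[sum(c) / len(g) for c in zip(*g)] if g else cents[j]
                 for j, g in enumerate(groups)]
    return cents

def cluster_radii(points, cents):
    """Assumed boundary rule: a cluster extends to its farthest training member."""
    radii = [0.0] * len(cents)
    for p in points:
        j = min(range(len(cents)), key=lambda i: dist(p, cents[i]))
        radii[j] = max(radii[j], dist(p, cents[j]))
    return radii

def outside_clusters(new_points, cents, radii):
    """Keep only new samples lying outside every cluster of the initial data."""
    return [p for p in new_points
            if all(dist(p, c) > r for c, r in zip(cents, radii))]

def ewc_update(theta_star, fisher, grad_new, lam=1.0, lr=0.05, steps=2000):
    """Descend new-data loss + (lam/2) * sum_i F_i * (theta_i - theta*_i)^2."""
    theta = list(theta_star)
    for _ in range(steps):
        g = grad_new(theta)
        theta = [t - lr * (gi + lam * f * (t - s))
                 for t, gi, f, s in zip(theta, g, fisher, theta_star)]
    return theta

# Constructed 2-D feature vectors (not data from the paper).
INITIAL = [(0, 0), (10, 10), (1, 0), (0, 1), (9, 10), (10, 9), (1, 1), (9, 9)]
NEW = [(0.5, 0.6), (9.4, 9.6), (5, 5), (20, 0)]

def demo():
    cents = kmeans(INITIAL, 2)
    update_set = outside_clusters(NEW, cents, cluster_radii(INITIAL, cents))
    # Toy loss: half the mean squared distance from theta to the update samples.
    mean = [sum(c) / len(update_set) for c in zip(*update_set)]
    grad = lambda th: [t - m for t, m in zip(th, mean)]
    # Parameter 0 is "important" (Fisher 9); parameter 1 is free (Fisher 0).
    return update_set, ewc_update([0.0, 0.0], [9.0, 0.0], grad)
```

Only the two samples far from both initial clusters reach the update, and the parameter with high Fisher weight stays close to its original value while the unconstrained one moves fully to the new optimum.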