Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (13): 108-115. DOI: 10.3778/j.issn.1002-8331.2004-0121

• Network, Communication and Security •

DDoS Attack Detection Method Based on Probability Graph Model and DNN

WANG Wentao, LI Shumei, TANG Jie, LYU Weilong   

  1. College of Computer Science, South-Central University for Nationalities, Wuhan 430074, China
  2. Hubei Provincial Engineering Research Center for Intelligent Management of Manufacturing Enterprises, Wuhan 430074, China
  3. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
  • Online: 2021-07-01 Published: 2021-06-29

Abstract:

From traditional networks to the Internet of Things, Distributed Denial of Service (DDoS) attacks have long been a threat to network security. To improve the detection rate of DDoS attacks, a detection scheme based on a probabilistic graphical model and a Deep Neural Network (DNN) is proposed. The scheme consists of a data preprocessing stage and an attack detection stage. In the data preprocessing stage, the differences between normal packets and DDoS attack packets are studied, and relatively high-dimensional statistical features are extracted from TCP, UDP and IP packet header information. Based on the feature importance factors calculated by a random forest, the top 22 features are retained for traffic detection. These 22 statistical features are then clustered by the hidden Markov algorithm, a probabilistic graphical model, and the clustering results are passed to the deep neural network in the detection stage for further detection of the network data. Validation experiments on the CICDoS dataset show that the accuracy of the detection method reaches up to 99.35%, and that the lowest false alarm rate and missed alarm rate reach 0.51% and 0.12%, respectively.

Key words: Distributed Denial of Service (DDoS), Hidden Markov Model (HMM), Deep Neural Network (DNN), machine learning