Computer Engineering and Applications ›› 2013, Vol. 49 ›› Issue (17): 9-11.


DDoS attack detection method based on conditional random field with feature set

CHEN Shiwen, WU Jiangxing, HUANG Wanwei

  1. China National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450002, China
  • Online: 2013-09-01  Published: 2013-09-13

DDoS attack detection method based on a conditional random field with fused rules (Chinese-language title)

CHEN Shiwen (陈世文), WU Jiangxing (邬江兴), HUANG Wanwei (黄万伟)

  1. China National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450002

Abstract: Traditional DDoS attack detection methods have low accuracy and a high false alarm rate because each relies on only one flow feature, such as burstiness, dispersion of source IP addresses, or flow asymmetry. This paper uses a conditional random field to integrate multiple pattern-matching rules for DDoS attack detection. The feature vector consists of one-way connection density, source IP entropy, destination IP entropy, destination port entropy and protocol entropy. Simulation results show that the proposed method outperforms well-known methods such as naïve Bayes and SVM: the detection accuracy reaches 99.82% and the false alarm rate is below 0.6%. The method remains robust under strong interfering traffic noise.
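The abstract names the features that make up the detection vector (one-way connection density plus Shannon entropy of source IP, destination IP, destination port and protocol over a traffic window) but not how they are computed. The example below is added here and is not the authors' code: it extracts that feature vector from constructed packet records and contrasts a benign window with a flooding window. The definition of one-way connection density (the fraction of host pairs with traffic in only one direction) and the window construction are assumptions; the CRF classifier that the paper trains on these features is not reproduced.

```python
"""Entropy and one-way-connection features for DDoS detection (added example)."""
from collections import Counter, defaultdict
from math import log2
from typing import Dict, Iterable, List, NamedTuple


class Packet(NamedTuple):
    """Minimal five-tuple record; a real collector would read these from flow logs."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str  # "tcp" or "udp"


def entropy(values: Iterable) -> float:
    """Shannon entropy, in bits, of the empirical distribution of the given values."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * log2(c / total) for c in counts.values())


def one_way_connection_density(window: List[Packet]) -> float:
    """Fraction of host pairs that carried packets in one direction only.

    Assumed definition of OWCD (the paper's exact formula is not on the page):
    a host pair is one-way if every packet between the two hosts has the same
    (src, dst) orientation, i.e. no reply traffic was ever seen.
    """
    directions: Dict[frozenset, set] = defaultdict(set)
    for p in window:
        directions[frozenset((p.src_ip, p.dst_ip))].add((p.src_ip, p.dst_ip))
    if not directions:
        return 0.0
    one_way = sum(1 for seen in directions.values() if len(seen) == 1)
    return one_way / len(directions)


def feature_vector(window: List[Packet]) -> Dict[str, float]:
    """The five-dimensional vector named in the abstract, computed over one window."""
    return {
        "owcd": one_way_connection_density(window),
        "src_ip_entropy": entropy(p.src_ip for p in window),
        "dst_ip_entropy": entropy(p.dst_ip for p in window),
        "dst_port_entropy": entropy(p.dst_port for p in window),
        "proto_entropy": entropy(p.proto for p in window),
    }


def _session(client: str, server: str, port: int, proto: str) -> List[Packet]:
    """One request and its reply; the ephemeral client port is a fixed placeholder."""
    return [Packet(client, server, 40000, port, proto),
            Packet(server, client, port, 40000, proto)]


# Constructed windows (not captured traffic). Benign: three answered sessions.
NORMAL_WINDOW = (_session("10.0.0.1", "192.0.2.10", 80, "tcp")
                 + _session("10.0.0.2", "192.0.2.10", 443, "tcp")
                 + _session("10.0.0.1", "192.0.2.20", 53, "udp"))

# Flood: one legitimate session plus eight spoofed sources hitting port 80 with no replies.
ATTACK_WINDOW = (_session("10.0.0.1", "192.0.2.10", 80, "tcp")
                 + [Packet(f"198.51.100.{i}", "192.0.2.10", 1024 + i, 80, "tcp")
                    for i in range(1, 9)])


if __name__ == "__main__":
    for label, window in (("normal", NORMAL_WINDOW), ("attack", ATTACK_WINDOW)):
        feats = feature_vector(window)
        print(label, {k: round(v, 3) for k, v in feats.items()})
```

In the flood window the source IP entropy rises toward its maximum (every packet from a distinct address) while destination IP and port entropy collapse and the one-way density jumps, which is exactly the joint pattern the abstract argues a single-feature detector misses; a sliding window over real flow records would feed these vectors to the classifier.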

Key words: distributed denial of service attack, conditional random fields, feature vector, entropy

Abstract (Chinese-language version): DDoS attack detection based on a single indicator such as traffic burstiness, dispersion of source IP addresses or flow asymmetry suffers from low accuracy and a high false alarm rate. Exploiting the advantages of conditional random fields, which require no strict independence assumption and can combine multiple features, this paper proposes a DDoS attack detection method that fuses a feature rule set on a CRF model. The multidimensional feature vector is composed of the one-way connection density (OWCD) and the IP packet five-tuple entropy (IPE). Simulation results on the DARPA 2000 dataset show a detection accuracy of 99.82% and a false alarm rate below 0.6%, with no significant degradation under strong background noise interference.

Key words (Chinese-language version): distributed denial of service attack, conditional random fields, feature vector,