Computer Engineering and Applications ›› 2021, Vol. 57 ›› Issue (21): 148-154. DOI: 10.3778/j.issn.1002-8331.2007-0256


ICMPv6 DDoS Attack Detection Method Based on Information Entropy and LSTM

JIANG Kui, QIU Yuandong, ZHENG Haocheng   

1. Information Center, Shenzhen University, Shenzhen, Guangdong 518000, China
2. College of Electronics and Information Engineering, Shenzhen University, Shenzhen, Guangdong 518000, China

Online: 2021-11-01. Published: 2021-11-04.

Title (Chinese version): ICMPv6 DDoS Attack Detection Method Based on Information Entropy and LSTM

Authors (Chinese version): JIANG Kui (江魁), QIU Yuandong (丘远东), ZHENG Haocheng (郑浩城)

1. Information Center, Shenzhen University, Shenzhen, Guangdong 518000
2. College of Electronics and Information Engineering, Shenzhen University, Shenzhen, Guangdong 518000

Abstract:

As the basic supporting protocol for IPv6 network operation, the ICMPv6 protocol is an important part of IPv6 DDoS attack defense. Based on an analysis of the current state of ICMPv6 DDoS attack detection at home and abroad, this paper proposes a dual detection method that combines information entropy with a Long Short-Term Memory (LSTM) network. The method first identifies abnormal traffic through a preliminary detection stage based on information entropy, then confirms the abnormal traffic through a deep detection stage based on an improved LSTM neural network. Simulation experiments show that the method identifies ICMPv6 DDoS attacks with an accuracy above 95%, higher than that of commonly used detection methods. Compared with a detection method based only on LSTM, it also shortens detection time by more than 50% and performs better.

Key words: distributed denial of service attack, attack detection, ICMPv6, information entropy, long short-term memory

Abstract (Chinese version):

ICMPv6 (Internet Control Management Protocol version 6), as the basic supporting protocol for IPv6 network operation, is an important link in the defense against IPv6 DDoS (Distributed Denial of Service) attacks. Building on an analysis of the current state of ICMPv6 DDoS attack detection in China and abroad, this paper proposes a dual detection method combining information entropy with a Long Short-Term Memory (LSTM) network. The method first identifies abnormal traffic effectively through an entropy-based preliminary detection stage, then confirms the abnormal traffic through a deep detection stage based on an improved LSTM network. Simulation experiments show that the method achieves a recognition accuracy above 95% for ICMPv6 DDoS attacks, higher than that of commonly used detection methods. Compared with a detection method based only on LSTM, it also shortens detection time by more than 50% and performs better.

Key words (Chinese version): distributed denial of service attack, attack detection, ICMPv6, information entropy, long short-term memory network
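The entropy-based preliminary stage described in both abstracts above, as an added illustration that is not code from the paper: it computes per-window Shannon entropy of ICMPv6 source address, destination address and message type over a constructed packet sample and flags windows whose entropy profile deviates from a normal-traffic baseline. The choice of fields, the window size, the baseline and the 1-bit deviation threshold are assumptions made for this example; only the flagged windows would be handed to the LSTM stage the abstracts describe.

```python
import math
from collections import Counter

# Constructed sample of ICMPv6 packets as (timestamp, src, dst, icmpv6_type).
# Seconds 0-9: a few hosts exchanging Neighbor Solicitation (135) and
# Neighbor Advertisement (136). Seconds 10-19: Echo Request (128) flood from
# ten different source addresses toward a single host. Values are made up.
NORMAL = [(t, f"2001:db8::{t % 3 + 1}", f"2001:db8::{t % 2 + 10}", 135 + t % 2)
          for t in range(10)]
FLOOD = [(t, f"2001:db8:bad::{t:x}", "2001:db8::10", 128) for t in range(10, 20)]
SAMPLE = NORMAL + FLOOD


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def window_features(packets, window):
    """Bucket packets into fixed-length time windows; per window, compute the
    entropy of source address, destination address and ICMPv6 type."""
    buckets = {}
    for ts, src, dst, typ in packets:
        buckets.setdefault(ts // window, []).append((src, dst, typ))
    feats = []
    for w in sorted(buckets):
        pk = buckets[w]
        feats.append({
            "window": w,
            "packets": len(pk),
            "h_src": shannon_entropy(p[0] for p in pk),
            "h_dst": shannon_entropy(p[1] for p in pk),
            "h_type": shannon_entropy(p[2] for p in pk),
        })
    return feats


def preliminary_detect(feats, baseline, delta=1.0):
    """Return the windows whose entropy deviates from `baseline` by more than
    `delta` bits in any feature. A spoofed flood raises source entropy while
    collapsing destination and type entropy, so all three are compared.
    `baseline` is an assumed normal-traffic profile with the same keys."""
    flagged = []
    for f in feats:
        dev = max(abs(f[k] - baseline[k]) for k in ("h_src", "h_dst", "h_type"))
        if dev > delta:
            flagged.append(f["window"])
    return flagged


if __name__ == "__main__":
    feats = window_features(SAMPLE, window=10)
    print("windows needing LSTM confirmation:", preliminary_detect(feats, feats[0]))
```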