一种基于RNN区分DDoS攻击类型的方法

doi:10.3969/j.issn.1671-1122.2022.07.001

信息网络安全 ›› 2022, Vol. 22 ›› Issue (7): 1-8.doi: 10.3969/j.issn.1671-1122.2022.07.001

• 等级保护 • 下一篇

一种基于RNN区分DDoS攻击类型的方法

范明钰¹, 李珂²()

1.电子科技大学计算机科学与工程学院,成都 611731
2.重庆大学土木工程学院,重庆 400044

收稿日期:2022-04-07 出版日期:2022-07-10 发布日期:2022-08-17
通讯作者: 李珂 E-mail:keli-bridge@cqu.edu.cn
作者简介:范明钰（1962—）,女,四川,教授,博士,主要研究方向为网络信息安全|李珂（1989—）,男,四川,副教授,博士,主要研究方向为风灾智能防控
基金资助:
国家自然科学基金(60272091);国家自然科学基金(60373109)

A Method to Distinguish DDoS Attack Types Based on RNN

FAN Mingyu¹, LI Ke²()

1. Scholl of Computer Science & Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
2. Scholl of Civil Engineering, Chongqing University, Chongqing 400044, China

Received:2022-04-07 Online:2022-07-10 Published:2022-08-17
Contact: LI Ke E-mail:keli-bridge@cqu.edu.cn

摘要/Abstract

摘要：

随着网络技术的广泛应用,出现了多种多样的网络攻击,其中,分布式拒绝服务（Distributed Denial of Service,DDoS）攻击的危害性较大。将12种DDoS攻击的数据与正常数据流混在一起后难以区分,因此防御DDoS攻击的关键是对其进行有效区分。文章提出一种基于RNN区分DDoS攻击类型的方法。以循环神经网络（Recurrent Neural Network,RNN）为研究改进对象,运用了模型的模块化研究方法和技术,抽象出3类简单模块组合形成RNN-IDDoS模型,该模型具有5层、3种时间步。在公开数据集上进行实验,实验结果表明该模型的准确率可达99.8%,优于当前其他3种模型,取得了很好的区分效果。

关键词: DDoS攻击, 类型区分, RNN

Abstract:

With the wide application of network technology, there are a variety of network attacks, among which distributed denial of service (DDoS) attacks are more harmful. The 12 types of DDoS attacks are mixed with normal data flows and are difficult to distinguish. The primary problem of defending against DDoS attacks is to distinguish them effectively. For the first time, this paper aimed to distinguish for research purposes attack types. It is proposed a method to distinguish DDoS attack types based on Recurrent neural network(RNN). RNN is a research object, with the modularization research methods and techniques, three types of simple modules are abstracted, and combined to form the RNN-IDDoS model. This model has five layers, three-time steps. Experiments on public datasets show that the proposed model can achieve an accuracy of 99.8%, which is better than the experimental test conclusions of the other three current models and has achieved good discrimination results.

Key words: DDoS attack, type distinguish, RNN

中图分类号:

TP309

范明钰, 李珂. 一种基于RNN区分DDoS攻击类型的方法[J]. 信息网络安全, 2022, 22(7): 1-8.

FAN Mingyu, LI Ke. A Method to Distinguish DDoS Attack Types Based on RNN[J]. Netinfo Security, 2022, 22(7): 1-8.

图/表 13

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

图12

图13

参考文献 18

[1]	KELLI Young. Cyber Case Study: The Mirai DDoS Attack on Dyn[EB/OL]. (2016-11-30)[2022-04-01]. https://coverlink.com/case-study/mirai-ddos-attack-on-dyn/.
[2]	WANG Yichuan, MA Jianfeng, LU Di, et al. Game Optimization for Internal DDoS Attack Detection in Cloud Computing[J]. Journal of Computer Research and Development, 2015(8): 1873-1882.
	王一川, 马建峰, 卢笛, 等. 面向云环境内部DDoS攻击检测的博弈论优化[J]. 计算机研究与发展, 2015(8):1873-1882.
[3]	LI Panhui, DING Wei, REN Wentao, et al. Authenticity Analysis on DDoS Attack Detection for IDS[J]. Journal of Southeast University(Natural Science Edition), 2017(47): 9-13.
	李盼辉, 丁伟, 任文韬, 等. 面向IDS的DDoS攻击检测真实性分析[J]. 东南大学学报(自然科学版), 2017(47):9-13.
[4]	ZHANG Yongzheng, XIAO Jun, YUN Xiaochun, et al. DDoS Attacks Detection and Control Mechanisms[J]. Journal of Software, 2012, 23(8): 2058-2072. doi: 10.3724/SP.J.1001.2012.04237 URL
	张永铮, 肖军, 云晓春, 等. DDoS攻击检测和控制方法[J]. 软件学报, 2012(8):2058-2072.
[5]	MAZGAR J A, UMAR F, HAFIZ M A B, et al. Real-Time DDoS Attack Detection System Using Big Data Approach, Sustainability[EB/OL]. (2022-01-10)[2022-04-01]. https://doi.org/10.3390/su131910743.
[6]	TONG A T, HOANG V L, LE H S, et al. Performance Evaluation of Botnet DDoS Attack Detection Using Machine Learning, Evolutionary Intelligence[EB/OL]. (2021-09-10)[2022-04-01]. https://doi.org/10.1007/s12065-019-00310-w.
[7]	PRASAD M D, PRASANTA B V, AMARNATH C. Machine Learning DDoS Detection Using Stochastic Gradient Boosting[EB/OL]. (2021-12-10)[2022-04-01]. https://doi.org/10.26438/ijcse/v7i4.157166.
[8]	DORIGUZZI C R, SIRACUSA D. Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection[J]. IEEE Transactions on Network and Service Management, 2020, 2(17): 876-889.
[9]	NANDI S, PHADIKAR S, MAJUMDER K. Detection of DDoS Attack and Classification Using a Hybrid Approach[J]. 2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP), 2020(1): 41-47.
[10]	CIC. DDoS Evaluation Dataset (CIC-DDoS2019))[EB/OL]. (2021-09-10)[2022-04-01]. https://www.unb.ca/cic/datasets/ddos-2019.html.
[11]	SHARAFALDIN I, LASHKARI H A, HAKAK S, et al. Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy[C]// IEEE. IEEE 53rd International Carnahan Conference on Security Technology. New York: IEEE, 2019: 1-8.
[12]	NETRESEC. SplitCap[EB/OL]. (2021-09-10)[2022-04-01]. https://www.netresec.com/?page=SplitCap.
[13]	ARASH H L. CIC Flow Meter[EB/OL]. (2021-09-10) [2022-04-02] https://github.com/ahlashkari/CICFlowMeter.
[14]	POTLURI S, AHMED S, DIEDRICH C. Convolutional Neural Networks for Multi-Class Intrusion Detection System[C]// Springer. Mining International Conference on Mining Intelligence and Knowledge Exploration. Heidelberg: Springer, 2018: 225-238.
[15]	ODENA A. Deconvolution and Checkerboard Artifacts[EB/OL]. (2022-03-27)[2022-04-01]. https://distill.pub/2016/deconv-checkerboard/.
[16]	KRIZHEVSKY A, SUTSKEVER I, HINTON E G. Image Net Classification with Deep Convolutional Neural Networks[J]. Communications of the ACM, 2017(6): 84-90.
[17]	SZEGEDY C, LIU Wei, JIA Yangqing, et al. Going Deeper with Convolutions[C]// IEEE. 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). New York: IEEE, 2015: 1-9.
[18]	HE Kaiming, ZHANG Xiangyu, REN Jiansun, et al. Deep Residual Learning for Image Recognition[C]// IEEE. IEEE Computer Society. New York: IEEE, 2016: 770-778.

一种基于RNN区分DDoS攻击类型的方法

A Method to Distinguish DDoS Attack Types Based on RNN

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 13

参考文献 18

相关文章 7

编辑推荐

Metrics

本文评价

[1]	罗文华, 程家兴. 基于Hadoop架构的混合型DDoS攻击分布式检测系统[J]. 信息网络安全, 2021, 21(2): 61-69.
[2]	王健, 王语杰, 韩磊. 基于突变模型的SDN环境中DDoS攻击检测方法[J]. 信息网络安全, 2020, 20(5): 11-20.
[3]	张可, 汪有杰, 程绍银, 王理冬. DDoS攻击中的IP源地址伪造协同处置方法[J]. 信息网络安全, 2019, 19(5): 22-29.
[4]	喻志彬, 马程, 李思其, 王淼. 基于Web应用层的DDoS攻击模型研究[J]. 信息网络安全, 2019, 19(5): 84-90.
[5]	张雪博, 刘敬浩, 付晓梅. 基于改进Logistic回归算法的抗Web DDoS攻击模型的设计与实现[J]. 信息网络安全, 2017, 17(6): 62-67.
[6]	李洁, 许鑫, 陈宇, 张丁文. 模拟DDoS攻击场景下的云取证模型的研究[J]. 信息网络安全, 2015, 15(6): 67-72.
[7]	姜颖军;张淑芝. 网吧DDoS攻击应急处置方案解析[J]. , 2009, 9(9): 0-0.