基于Attention-GRU的SHDoS攻击检测研究

doi:10.3969/j.issn.1671-1122.2024.03.008

信息网络安全 ›› 2024, Vol. 24 ›› Issue (3): 427-437.doi: 10.3969/j.issn.1671-1122.2024.03.008

基于Attention-GRU的SHDoS攻击检测研究

江魁¹(), 卢橹帆², 苏耀阳², 聂伟²

1.深圳大学信息中心，深圳 518060
2.深圳大学电子与信息工程学院，深圳 518060

收稿日期:2023-09-17 出版日期:2024-03-10 发布日期:2024-04-03
通讯作者: 江魁 E-mail:jiangkui@szu.edu.cn
作者简介:江魁（1975—），男，安徽，高级工程师，硕士，CCF会员，主要研究方向为网络安全与网络管理|卢橹帆（1997—），男，广东，硕士研究生，主要研究方向为网络安全|苏耀阳（1998—），男，广东，硕士研究生，主要研究方向为网络安全|聂伟（1973—），男，河南，讲师，博士，主要研究方向为计算机网络体系结构、软件定义网络和可编程芯片
基金资助:
教育部未来网络创新研究与应用项目(2021FNB01001)

SHDoS Attack Detection Research Based on Attention-GRU

JIANG Kui¹(), LU Lufan², SU Yaoyang², NIE Wei²

1. Information Center, Shenzhen University, Shenzhen 518060, China
2. College of Electronics and Information Engineering, Shenzhen University, Shenzhen 518060, China

Received:2023-09-17 Online:2024-03-10 Published:2024-04-03
Contact: JIANG Kui E-mail:jiangkui@szu.edu.cn

摘要/Abstract

摘要：

针对SHDoS发起变频攻击导致阈值检测方案失效的问题，文章提出一种基于Attention-GRU的深度学习模型。该模型首先利用改进的Borderline-SMOTE进行数据平衡处理，然后引入自注意力机制构建双层GRU分类网络，对预处理后的数据进行学习训练，最后对SHDoS攻击流量进行检测。在CICIDS2018数据集和SHDoS自制数据集上进行验证，实验结果表明，文章所提模型的精确率分别为98.73%和97.64%，召回率分别为96.57%和96.27%，相较于未采用自注意力机制的模型，在精确率和召回率上有显著提升，相较于以往采用SMOTE或Borderline-SMOTE进行数据预处理的模型，文章所提模型的性能也是最佳的。

关键词: SHDoS攻击, Borderline-SMOTE过采样算法, 自注意力机制, 门控循环单元

Abstract:

Aiming at the problem that SHDoS initiates a frequency conversion attack that causes the threshold detection scheme to fail, a deep learning model based on attention-GRU was proposed. The model used the improved Borderline-SMOTE for data balance processing firstly, then introduced the self-attention mechanism to build a two-layer GRU classification network, learned and trained the preprocessed data, and analyzed the SHDoS attack traffic to test finally. Verified by the CICIDS2018 dataset and self-built ShDoS dataset, and the experimental results shows that the accuracy rate of the model is 98.73% and 97.64% respectively, the recall rate is 96.57% and 96.27% respectively. The model with self-attention mechanism shows significant improvement compared to the model without it, compared to other models that use SMOTE or Borderline-SMOTE for data preprocessing, the performance of this model is also the best.

Key words: SHDoS attack, Borderline-SMOTE oversampling algorithm, self-attention mechanism, gated recurrent unit

中图分类号:

TP309

江魁, 卢橹帆, 苏耀阳, 聂伟. 基于Attention-GRU的SHDoS攻击检测研究[J]. 信息网络安全, 2024, 24(3): 427-437.

JIANG Kui, LU Lufan, SU Yaoyang, NIE Wei. SHDoS Attack Detection Research Based on Attention-GRU[J]. Netinfo Security, 2024, 24(3): 427-437.

图/表 16

图1

图2

图3

图4

图5

表1

表2

表3

图6

图7

图8

图9

表4

表5

表6

表7

参考文献 19

[1]	ZARGAR S T, JOSHI J, TIPPER D. A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks[J]. IEEE Communications Surveys & Tutorials, 2013, 15(4): 2046-2069.
[2]	WU Hanqing. White Hats Talk about Web Security[M]. Beijing: Electronic Industry Press, 2013.
	吴翰清. 白帽子讲Web安全[M]. 北京: 电子工业出版社, 2013.
[3]	WONG O C, TOM B. Layer DDoSLayer 7 DDoS Attacks. OWASP AppSec DC 2010. (2010-11-11)[2023-08-03]. https://owasp.org/www-pdf-archive/Layer_7_DDOS.pdf
[4]	ARI I, HONG Bo, MILLER E L, et al. Managing Flash Crowds on the Internet[C]// IEEE. 11th IEEE/ACM International Symposium on Modeling, Analysis and Simulation of Computer Telecommunications Systems. New York: IEEE, 2003: 246-249.
[5]	LUO Wenhua, CHENG Jiaxing. Hybrid DDoS Attack Distributed Detection System Based on Hadoop Architecture[J]. Netinfo Security, 2021, 21(2): 61-69.
	罗文华, 程家兴. 基于Hadoop架构的混合型DDoS攻击分布式检测系统[J]. 信息网络安全, 2021, 21(2): 61-69.
[6]	PRIYA S S, SIVARAM M, YUVARAJ D, et al. Machine Learning Based DDoS Detection[C]// IEEE. 2020 International Conference on Emerging Smart Computing and Informatics (ESCI). New York: IEEE, 2020: 234-237.
[7]	HIRAKAWA T, OGURA K, BISTA B B, et al. A Defense Method Against Distributed Slow HTTP DoS Attack[C]// IEEE. 2016 19th International Conference on Network-Based Information Systems (NBiS). New York: IEEE, 2016: 152-158.
[8]	MURALEEDHARAN N, JANET B. Behaviour Analysis of HTTP Based Slow Denial of Service Attack[C]// IEEE. 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET). New York: IEEE, 2017: 1851-1856.
[9]	CHEN Yi, ZHANG Meijing, XU Fajian. HTTP Slow DoS Attack Detection Method Based on One-Dimensional Convolutional Neural Network[J]. Computer Applications, 2020, 40(10): 2973-2979.
	陈旖, 张美璟, 许发见. 基于一维卷积神经网络的HTTP慢速DoS攻击检测方法[J]. 计算机应用, 2020, 40(10): 2973-2979. doi: 10.11772/j.issn.1001-9081.2020020172
[10]	SHANG Fubo. Research on Intrusion Detection Technology Based on Deep Learning[D]. Shenyang: Shenyang Jianzhu University, 2021.
	商富博. 基于深度学习的入侵检测技术研究[D]. 沈阳: 沈阳建筑大学, 2021.
[11]	SHLENS J. A Tutorial on Principal Component Analysis[EB/OL]. (2014-04-03)[2023-08-03]. http://arxiv.org/pdf/1404.1100.pdf.
[12]	SHI Hongbo, CHEN Yuwen, CHEN Xin. Review of SMOTE Oversampling and Its Improved Algorithms[J]. Journal of Intelligent Systems, 2019, 14(6): 1073-1083.
	石洪波, 陈雨文, 陈鑫. SMOTE过采样及其改进算法研究综述[J]. 智能系统学报, 2019, 14(6): 1073-1083.
[13]	CHAWLA N V, BOWYER K W, HALL L O, et al. SMOTE: Synthetic Minority Over-Sampling Technique[J]. Journal of Artificial Intelligence Research, 2002(16): 321-357.
[14]	HAN Hui, WANGWenyuan, MAOBinghuan. Borderline-SMOTE: A New Over-Sampling Method in Imbalanced Data Sets Learning[C]// Springer. International Conference on Intelligent Computing. Heidelberg: Springer, 2005: 878-887.
[15]	JIA Jing, WANG Qingsheng, CHEN Yongle, et al. DDoS Attack Detection Method Based on Attention Mechanism[J]. Computer Engineering and Design, 2021, 42(9): 2439-2445.
	贾婧, 王庆生, 陈永乐, 等. 基于注意力机制的DDoS攻击检测方法[J]. 计算机工程与设计, 2021, 42(9): 2439-2445.
[16]	VASWANI A, SHAZEER N, PARMAR N, et al. Attention is All You Need[J]. Neural Information Processing Systems, 2017(30): 6000-6010.
[17]	YAN Liang, JI Shaopei, LIU Dong, et al. Network Intrusion Detection Based on GRU and Feature Embedding[J]. Journal of Applied Science, 2021, 39(4): 559-568.
	颜亮, 姬少培, 刘栋, 等. 基于GRU与特征嵌入的网络入侵检测[J]. 应用科学学报, 2021, 39(4): 559-568.
[18]	CHO K, VAN M B, GULCEHRE C, et al. Learning Phrase Representations Using RNN Encoder-Decoder for Statistical Machine Translation[EB/OL]. (2014-06-03)[2023-08-03]. https://arxiv.org/abs/1406.1078.
[19]	SHARAFALDIN I, LASHKARI A H, GHORBANI A A. Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization[EB/OL]. (2018-01-01)[2023-08-03]. https://www.researchgate.net/publication/322870768_Toward_Generating_a_New_Intrusion_Detection_Dataset_and_Intrusion_Traffic_Characterization.

名称	数量/条	标签
Benign	199603	0
SHDoS attacks	10990	1

名称	数量/条	标签
Benign	87614	0
SHDoS attacks	67310	1

真实值	预测值
真实值	攻击数据	正常数据
攻击数据	TP	FN
正常数据	FP	TN

模型参数	参数内容
采样倍率n₁/n₂	0.1/0.9
GRU1/GRU2神经元个数	128/64
损失函数	categorical_crossentropy
优化器	adam
优化器学习率	0.01
epoch	20
dropout	0.25
批处理大小	128

模型	精确率（CICIDS 2018）	召回率（CICIDS 2018）	精确率（自制数据集）	召回率（自制数据集）
SMOTE+MLP	92.56%	98.50%	91.45%	93.21%
SMOTE+RNN	95.15%	94.41%	94.23%	95.25%
SMOTE+LSTM	95.12%	94.87%	92.31%	94.32%
SMOTE+GRU	96.23%	96.80%	94.33%	96.45%
Borderline- SMOTE+MLP	95.30%	90.45%	95.32%	91.45%
Borderline- SMOTE+RNN	94.89%	90.69%	96.24%	92.20%
Borderline- SMOTE+LSTM	95.78%	87.39%	95.27%	90.24%
Borderline- SMOTE+GRU	97.00%	92.24%	96.39%	93.25%
改进Borderline-SMOTE+GRU	97.95%	95.05%	96.23%	93.45%
本文模型	98.73%	96.57%	97.64%	96.27%

基于Attention-GRU的SHDoS攻击检测研究

SHDoS Attack Detection Research Based on Attention-GRU

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 16

参考文献 19

相关文章 2

编辑推荐

Metrics

本文评价

[1]	杨志鹏, 刘代东, 袁军翼, 魏松杰. 基于自注意力机制的网络局域安全态势融合方法研究[J]. 信息网络安全, 2024, 24(3): 398-410.
[2]	李季瑀, 付章杰, 张玉斌. 一种基于跨域对抗适应的图像信息隐藏算法[J]. 信息网络安全, 2023, 23(1): 93-102.

攻击类型	准确率
单一频率SHDoS	93.35%
变频SHDoS	72.16%

攻击类型	准确率
单一频率SHDoS	96.55%
变频SHDoS	95.43%