Netinfo Security ›› 2019, Vol. 19 ›› Issue (9): 115-119. doi: 10.3969/j.issn.1671-1122.2019.09.024



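    About the authors: Zewen MA (born 1996), male, from Liaoning, master's student, main research interest: network information security; Yang LIU (born 1994), male, from Anhui, engineer, master's degree, main research interest: network information security; Hongping XU (born 1969), male, from Henan, research fellow, master's degree, main research interest: aircraft design; Hang YI (born 1981), male, from Beijing, research fellow, master's degree, main research interest: command and control.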

DoS Traffic Identification Technology Based on Integrated Learning

Zewen MA, Yang LIU, Hongping XU, Hang YI   

  1. Beijing Institute of Astronautical System Engineering, Beijing 100076, China
  • Received: 2019-07-15 Online: 2019-09-10 Published: 2020-05-11


Abstract:

A denial of service (DoS) attack is a common cyber attack method that has long been difficult to detect and prevent. By consuming the bandwidth or computing resources of the target, it interrupts or stops the target's network service, so that normal users cannot access it. With the rapid development of machine learning, algorithms such as decision trees, support vector machines, random forests and AdaBoost are gradually being used to identify and detect DoS attack network traffic. For most machine learning algorithms, the choice of network traffic features directly determines the performance of the algorithm. This paper uses the network traffic feature extraction tool CICFlowMeter and the random forest algorithm to extract and select network traffic features, and designs and trains a model to detect DoS attack traffic. The model achieves good accuracy and recall, which verifies the validity of the detection method.

Keywords: DoS attack, machine learning, random forest, feature selection, ensemble learning
