Netinfo Security, 2023, Vol. 23, Issue (7): 86-97. doi: 10.3969/j.issn.1671-1122.2023.07.009

Distributed Denial of Service Attack Detection Algorithm Based on Two-Channel Feature Fusion

JIANG Yingzhao, CHEN Lei, YAN Qiao

  1. College of Computer Science and Software Engineering, Shenzhen University, Shenzhen 518060, China
  • Received: 2023-03-27 Online: 2023-07-10 Published: 2023-07-14

Abstract:

With the rapid development of the Internet of Things, the number of devices connected to the network is growing quickly, so distributed denial of service (DDoS) attacks often exhibit varied attack methods and rapid change. When faced with mixed, variable, high-volume DDoS attacks, existing detection methods based on statistical analysis rely too heavily on manually set thresholds, while anomaly detection methods based on machine learning suffer from high false positive and false negative rates. This paper therefore proposes DCFD-CA, a two-channel feature fusion detection model based on a convolutional neural network (CNN) and an attention mechanism. The model feeds statistical feature samples into two channels, a local feature extraction channel based on the CNN and a global feature extraction channel based on the attention mechanism, and uses the structural difference between the two to achieve different effects: the former abstracts the relationships between local feature values, and the latter assigns more weight to important features. To fuse the functions of the two channels, the abstract features output by each channel are normalized, the feature data from the two channels is then fused by stacking, and finally a three-layer neural network performs detection and classification. In experiments on the public datasets CICIDS2017-DDoS, CICIDS2018-DDoS and CICDDoS2019, the DCFD-CA model achieves F1 scores of 0.9863, 0.9996 and 0.9998 respectively, outperforming the SAE-MLP and composite DNN models.

Key words: DDoS attack, attention mechanism, convolutional neural network, anomaly detection, deep learning

CLC Number: