DoS Traffic Identification Technology Based on Integrated Learning

doi:10.3969/j.issn.1671-1122.2019.09.024

Abstract

Abstract:

Denial of service attack is a common cyber attack method that is difficult to detect and prevent for a long term. By consuming the bandwidth or computing resources of the target computer, the target computer network service is interrupted or stopped, which results in the normal users can not access it. With the rapid development of machine learning algorithms, decision tree, support vector machine, random forest and adaboost are gradually used to identify and detect DoS attacks network traffic. For most machine learning algorithms, the choice of network traffic characteristics directly determines the performance of the algorithm. This paper extracts and selects network traffic characteristics by using CICFlowMeter and random forest algorithm, and designs algorithm training model to detect DoS attack traffic, which achieves better accuracy and recall rate, and verifies the validity of the detection method.

Key words: DoS attack, machine learning, random forest, feature selection, ensemble learning

CLC Number:

TP309

Zewen MA, Yang LIU, Hongping XU, Hang YI. DoS Traffic Identification Technology Based on Integrated Learning[J]. Netinfo Security, 2019, 19(9): 115-119.

Figures/Tables 5

References 12

[1]	WANG Xiaoqun, DING Li, LI Jia, et al.Summary of China’s Internet Network Security Situation in 2017[J]. Confidential Science and Technology, 2018, 92(5): 6-13.
	王小群,丁丽,李佳,等. 2017年我国互联网网络安全态势综述[J].保密科学技术,2018,92(5):6-13.
[2]	WANG Xiaoqun, DING Li, et al.Summary of China’s Internet Network Security Situation in 2018[J]. Confidential Science and Technology, 2019, 93(5): 4-9.
	王小群,丁丽,等. 2018年我国互联网网络安全态势综述[J].保密科学技术, 2019,93(5):4-9.
[3]	YANG Xinyu, YANG Shusen, LI Juan.A Flood-Down DDoS Attack Detection Algorithm Based on Nonlinear Preconditioned Network Traffic Prediction Method[J]. Chinese Journal of Computers, 2011, 34(2): 395-405.
	杨新宇,杨树森,李娟.基于非线性预处理网络流量预测方法的泛洪型DDoS攻击检测算法[J].计算机学报,2011,34(2):395-405.
[4]	FEINSTEIN L, SCHNACKENBERG D, BALUPARI R, et al.Statistical Approaches to DDoS Attack Detection and Response[C]//IEEE. DARPA Information Survivability Conference and Exposition, April 22-24, 2003, Washington, DC, USA. NJ: IEEE, 2003: 303-314.
[5]	VIJAYASARATHY R, RAGHAVAN SV, RAVINDRAN B.A System Approach to Network Modeling for DDoS Detectionutilizing a Naive Bayesian Classifier[C]//IEEE. 2011 Third International Conference on Communication Systems and Networks, January 4-8, 2011, Bangalore, India. NJ: IEEE, 2011: 1-10.
[6]	CHEN R C, CHENG Kaifan, CHEN Yinghao, et al.Using Rough Set and Support Vector Machinefor Network Intrusion Detection System[C]//IEEE. 2009 First Asian Conference on Intelligent Information and Database Systems, April 1-3, 2009, Dong Hoi, Vietnam. NJ: IEEE, 2009: 1-13.
[7]	FARID D M, HARBI N, BAHRI E, et al. AttacksClassification in Adaptive Intrusion Detection UtilizingDecision Tree Global Journal of Electrical[EB/OL]. .
[8]	LIU Peng,CHEN Houwu,FANG Xiao, et al.Research on Monitoring Mechanism and Model of Network Security Situation[J]. Netinfo Security, 2015, 15(9): 66-69.
	刘鹏,陈厚武,房潇,等.网络安全态势监控机制与模型研究[J]. 信息网络安全,2015,15(9):66-69.
[9]	SHARAFALDIN I, LASHKARI A. Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization[EB/OL]. .2019-6-30.
[10]	WANG Yi, TANG Yong, LU Zexin, et al.Research on Features Selection in Malware Clustering[J]. Netinfo Security, 2016, 16(9): 64-68.
	王毅,唐勇,卢泽新,等.恶意代码聚类中的特征选取研究[J].信息网络安全,2016,16(9):64-68.
[11]	GIL G D, LASHKARI A H, et al. Characterization of Encrypted and VPN Traffic Using Time-Related Features[EB/OL]. ,2019-6-30.
[12]	WANG Wei, SHEN Xudong.Research on Transfer Time Series Anomaly Detection Algorithm Based on Instance[J]. Netinfo Security, 2019, 19(3): 11-18.
	王伟,沈旭东.基于实例的迁移时间序列异常检测算法研究[J].信息网络安全,2019,19(3):11-18.

序号	特征名称	特征得分
1	Bwd Packet Length Std	0.07691
2	Avg Bwd Segment Size	0.07058
3	Bwd Packet Length Mean	0.05776
4	Packet Length Mean	0.05372
5	Average Packet Size	0.05366
6	Bwd Packets/s	0.04699
7	Packet Length Variance	0.04648
8	Destination Port	0.04046
9	Packet Length Std	0.03973
10	Max Packet Length	0.03903

序号	特征名称	特征得分
1	Bwd Packet Length Std	0.6761
2	Init_Win_bytes_backward	0.5177
3	Packet Length Mean	0.4636
4	Destination Port	0.3703
5	Destination Port.1	0.2283
6	Init_Win_bytes_forward	0.1377
7	Fwd IAT Std	0.0699
8	Flow IAT Min	0.0536
9	FIN Flag Count	0.0488
10	Bwd Packets/s	0.0401

	精度	召回率	F₁分数	训练时间/s
全部特征	0.98645	0.99056	0.98919	287
F_SET1	0.95330	0.98062	0.96677	106
F_SET2	0.99357	0.98731	0.99043	115
F_SET3	0.99070	0.98544	0.98806	104

	随机森林	决策树	支持向量机	投票分类器
F_SET1	0.96677	0.91890	0.77070	0.93330
F_SET2	0.99043	0.99480	0.77925	0.99680
F_SET3	0.98806	0.99305	0.77474	0.98883

[1]	Chun GUO, Changqing CHEN, Guowei SHEN, Chaohui JIANG. A Ransomware Classification Method Based on Visualization [J]. Netinfo Security, 2020, 20(4): 31-39.
[2]	Yifeng DU, Yuanbo GUO. A Dynamic Access Control Method for Fog Computing Based on Trust Value [J]. Netinfo Security, 2020, 20(4): 65-72.
[3]	Xin SONG, Kai ZHAO, Linlin ZHANG, Wenbo FANG. Research on Android Malware Detection Based on Random Forest [J]. Netinfo Security, 2019, 19(9): 1-5.
[4]	Yongcheng DUAN, Yuqing WANG, Xin LI, Le YANG. RSAR-based Random Forest Network Security Situation Factor Extraction [J]. Netinfo Security, 2019, 19(7): 75-81.
[5]	Guanheng CHEN, Jinshu SU. Abnormal Traffic Detection Algorithm Based on Deep Neural Network [J]. Netinfo Security, 2019, 19(6): 68-75.
[6]	Ke ZHANG, Youjie WANG, Shaoyin CHENG, Lidong WANG. Intrusion Collaborative Disposal Method of Spoofed IP Address in DDoS Attacks [J]. Netinfo Security, 2019, 19(5): 22-29.
[7]	Hui LI, Shice NI, Jia XIAO, Tianzhong ZHAO. Emotion Classification Technology for Online Video Comments on the Internet [J]. Netinfo Security, 2019, 19(5): 61-68.
[8]	Zhibin YU, Cheng MA, Siqi LI, Miao WANG. Research on DDoS Attack Model Based on Web Application Layer [J]. Netinfo Security, 2019, 19(5): 84-90.
[9]	Chunqi TIAN, Jing LI, Wei WANG, Liqing ZHANG. A Method for Improving the Performance of Spark on Container Cluster Based on Machine Learning [J]. Netinfo Security, 2019, 19(4): 11-19.
[10]	Leihua ZHANG, Hongtai NIU, Zhongni WANG, Xuehong LIU. Research on the Construction of Early Warning Model of Criminals Based on Big Data [J]. Netinfo Security, 2019, 19(4): 82-89.
[11]	Jianwei HU, Wei ZHAO, Zheng YAN, Rui ZHANG. Analysis and Implementation of SQL Injection Vulnerability Mining Technology Based on Machine Learning [J]. Netinfo Security, 2019, 19(11): 36-42.
[12]	Jian ZHANG, Bohan CHEN, Liangyi GONG, Zhaojun GU. Research on Malware Detection Technology Based on Image Analysis [J]. Netinfo Security, 2019, 19(10): 24-31.
[13]	Weiping WEN, Jingwei LI, Yingnan JIAO, Hailin LI. A Vulnerability Detection Method Based on Random Detection Algorithm and Information Aggregation [J]. Netinfo Security, 2019, 19(1): 1-7.
[14]	YU Yingchao, DING Lin, CHEN Zuoning. Research on Attacks and Defenses towards Machine Learning Systems [J]. 信息网络安全, 2018, 18(9): 10-18.
[15]	ZHANG Yang, YAO Yuangang. Research on Network Intrusion Detection Based on Xgboost [J]. 信息网络安全, 2018, 18(9): 102-105.