
DDoS Attack Detection Based On Ensemble Learning

Posted on: 2019-02-13
Degree: Master
Type: Thesis
Country: China
Candidate: H L Yao
GTID: 2348330566964269
Subject: Information and Communication Engineering

Abstract/Summary:
DDoS attacks have been a major challenge to Internet security for many years. The traffic delivered during an attack is huge. With online transactions increasing and more complex types of DDoS attack being launched, it is crucial to detect DDoS attacks accurately and in time within this huge volume of data. After an in-depth analysis of existing DDoS attack detection methods at home and abroad, this paper proposes an ensemble data mining framework that reduces redundant data and improves detection accuracy. The framework consists of three parts: ranking, attribute selection, and ensemble learning. The major contributions and innovations of this paper are as follows:

(1) This paper analyzes the bias of information-entropy-based ranking on attributes with large values, and proposes a ranking method based on the symmetric uncertainty (SU) value to rank the attributes of the traffic dataset. After the attributes are ranked by SU value, the correlations between the attributes and the class value are analyzed. This provides a foundation for detection: the basis for discriminating normal network traffic data from abnormal data is better understood, which is also useful for targeted detection and for taking defensive measures.

(2) Based on an analysis of the severe current network attack situation and of the attack attributes of the traffic, ant colony search, which has strong local search ability, particle swarm search, which has strong global information perception ability, and the genetic algorithm, which has strong parallel search ability, are combined to select the important attributes and reduce the redundancy between attributes. Combined with the preceding symmetric uncertainty ranking, SU-Hybrid attribute selection is proposed to select attribute sets with high correlation and low redundancy. This can improve the efficiency and precision of the detection process.

(3) Voting among the repeated-sampling Bagging model, the back-weighted-sampling AdaBoost model, and the meta classifier is applied in Section 5. It improves the detection accuracy of the base classifiers through ensemble learning. We use two Bayesian classifiers, NaiveBayes and BayesNet, and two decision tree classifiers, J48 and RandomTree, as the meta classifiers for ensemble learning. The experimental results show that the DDoS detection precision of all four classifiers increases. When RandomTree is used as the base classifier of the ensemble model for detection on the NSL-KDD data sets, the model-building time is 11.34 s, the testing time is 0.15 s, and the correct detection rate is 99.8622%. This detection performance is optimal.

(4) SU-Hybrid attribute selection and ensemble learning are combined to detect DDoS attacks in order to reduce the time consumed by ensemble learning. With this method, the detection system can achieve higher accuracy in a short time. When the J48 classifier is used as the meta classifier of the system, the model-building time is 4.71 s and the testing time is 0.12 s. The correct detection rate is 99.8412%. This markedly reduces the detection time.
Keywords/Search Tags:DDoS attack detection, symmetric uncertainty ranking, attributes selection, ensemble learning
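
The ranking step in contribution (1), as an added example that is not code from the thesis: it scores attributes by information gain and by symmetric uncertainty using the standard definition SU(X, Y) = 2·IG(X; Y) / (H(X) + H(Y)), which is assumed here because the abstract does not state the formula. The records are constructed, `record_id` is a hypothetical unique-per-record attribute, and the example reads the abstract's bias remark as the known bias of information gain toward attributes with many distinct values.

```python
from collections import Counter, defaultdict
from math import log2

def entropy(values):
    """Shannon entropy H(X) in bits of a list of discrete values."""
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())

def info_gain(xs, ys):
    """IG(Y; X) = H(Y) - H(Y | X)."""
    groups = defaultdict(list)
    for x, y in zip(xs, ys):
        groups[x].append(y)
    cond = sum(len(g) / len(ys) * entropy(g) for g in groups.values())
    return entropy(ys) - cond

def symmetric_uncertainty(xs, ys):
    """SU = 2 * IG / (H(X) + H(Y)), normalised to [0, 1]."""
    denom = entropy(xs) + entropy(ys)
    return 2 * info_gain(xs, ys) / denom if denom > 0 else 0.0

def rank(records, attrs, label, score):
    """Attributes sorted by score against the class label, best first."""
    ys = [r[label] for r in records]
    scored = [(a, score([r[a] for r in records], ys)) for a in attrs]
    return sorted(scored, key=lambda t: t[1], reverse=True)

# Constructed sample records (not taken from NSL-KDD). record_id is a
# hypothetical attribute that is unique per record, so it separates the
# training labels perfectly yet says nothing about unseen traffic.
ROWS = [
    ("S0", "tcp", "ddos"), ("S0", "tcp", "ddos"),
    ("S0", "icmp", "ddos"), ("SF", "udp", "ddos"),
    ("SF", "tcp", "normal"), ("SF", "tcp", "normal"),
    ("SF", "udp", "normal"), ("SF", "icmp", "normal"),
]
RECORDS = [{"flag": f, "protocol_type": p, "record_id": i, "class": c}
           for i, (f, p, c) in enumerate(ROWS)]
ATTRS = ["flag", "protocol_type", "record_id"]

if __name__ == "__main__":
    for name, fn in [("info gain", info_gain), ("SU", symmetric_uncertainty)]:
        print(name)
        for attr, s in rank(RECORDS, ATTRS, "class", fn):
            print(f"  {attr:14s} {s:.4f}")
```

Information gain puts `record_id` first, while SU divides by the attribute's own entropy and puts `flag` first.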