Research On The Application Of Hybrid Model Of Hidden Markov Model (HMM) And Deep Neural Network (DNN) In Low-Rate Distributed Denial Of Service (L-DDoS) Attack Detection

With the rapid development of the Internet,network service has become an indispensable demand of the new era,and network attacks have become one of the most serious hazards.Distributed Denial of Service(DDoS)attack is one of the typical network attacks.As a new type of DDoS attacks,low-rate distributed denial of service(L-DDoS)attack has the characteristics of stronger concealment and greater harm.At present,the detection methods of L-DDoS attacks mostly adopt a single detection algorithm,which have high false alarm rate and missed alarm rate when multiple types of L-DDoS attacks occurred in the network.In order to address the disadvantage that single detection algorithm can not detect L-DDoS attacks which with multiple attack types or attack rates adaptively,the idea of hierarchical detection of L-DDoS attacks is proposed.A two-level detection model based on hidden Markov model(HMM)and deep neural network(DNN)is designed and implemented.The first level detection model adopts HMM algorithm,and Renyi entropy of network traffic is as the detection feature.From the perspective of probability,it uses the form of probability to correlate the changes of network traffic in different states,and classifies network traffic in the first level with fine granularity.The second level detection model adopts DNN algorithm.On the basis of the classification of the first level detection model,it uses a variety of network connection attributes as detection features,uses a deep-learning method to build a multi-layer neural network,and deep learns the characteristics of L-DDoS attacks flow,so that the model can effectively distinguish L-DDoS attacks flow from normal network communication flow,thereby improving the accuracy of attack detection and reducing the false alarm rate and the missed alarm rate.In order to verify the effectiveness of the proposed algorithm,this thesis extracts five kinds of low-rate denial-of-service(L-DoS)attacks data from the denial-of-service attacks dataset CICDoS and combines them into multiple types of mixed L-DDoS attacks data.Combining with normal traffic data,and simulating the network traffic data in real network under L-DDoS attacks as experimental data,this thesis compares and analyses the detection performance of HMM-DNN and SVM?KNN?HMM-R?DNN-C,etc.In addition,in order to verify the applicability of HMM-DNN model to other types of intrusion detection,this thesis extracts part of network attack data and normal communication data from CICIDS2017,and uses the HMM-DNN model to detect seven kinds of intrusion attacks in data sets.The experimental results show that the HMM-DNN model can not only detect multiple types of L-DDoS attacks with high accuracy,but also maintain a low false alarm rate and missed alarm rate.At the same time,the HMM-DNN model also has better detection performance for other intrusion attacks.