Research On DDoS Attack Detection Based On Deep Learning

Distributed Denial of Service(DDoS)has become one of the most difficult network security problems,which has brought great harm to the network society.How to accurately process large amounts of information in a short period of time is an important challenge for DDoS detection.This paper analyzes the current DDoS attack detection methods at domestic and foreign,and can study the attributes of DDoS samples that are divided into two categories,one is the case where the amount of DDoS data is small and the sample attributes are small;the other is the case where the amount of DDoS is large and the sample attributes are large;this paper proposes a detection method for the above two types of situations.The main work and innovations of this paper are as follows:1)This paper builds the Kubernetes distributed training environment,and builds the TensorFlow cluster on the Kubernetes distributed system,using Kubernetes container orchestration technology,which can make full use of various machine resources including CPU,disk and memory,so as to provide higher efficiency training ability.2)For detecting DDoS attacks(NSL-KDD),the amount of data is small and the sample attributes are relatively small;The traditional convolutional neural network(CNN)algorithm arise over-fitting,which leads to a decrease in accuracy.This paper proposes an improved CNN detection method,which uses the global average pooling layer instead of the fully connected layer.The idea is to generate a feature map of the corresponding category in a classification task in the last convolutional layer,and then find each corresponding category.The average of the feature maps is finally classified by feeding the average feature vector into the Sigmoid layer.Through experiment comparison,the improved CNN model was used to train DDoS data with an accuracy rate of 99.83%.3)For detecting DDoS attacks(CICIDS2017),the amount of data is large and the sample attributes are relatively large;using the traditional cyclic neural network(RNN)algorithm to detect the problem that the detection time is too long.This paper proposes an improved DDoS attack detection system based on RNN model,which is sliced cyclic neural network(SRNN).This algorithm is to divide the sample DDoS data set into multiple sub-sample data,and then send each sub-sample data in paralle Into the neural network model,let the LSTM cycle unit work simultaneously on each subsequence of each layer to achieve parallelization calculation,and use the Adam optimization algorithm instead of the traditional stochastic gradient descent algorithm.Through a large number of experimental comparisons,the training speed and accuracy of the SRNN model is significantly higher than RNN.Finally,using the built Kubernetes distributed deep learning system for neural network training,the experimental results show that the SRNN(4,3)model has the highest accuracy,the training time is the shortest,the detection accuracy is 99.86%,and the training time is 237.54 s.