Research On HTTP DDoS Attack Detection Method Based On Machine Learning

Nowadays,the Internet is more and more important in our daily life,and it is bringing dramatic changes to people's communication and business.DDoS attacks are the main threats to the network all the time.Over the years,DDoS attacks have continued to evolve The defense capabilities of the network layer and the transport layer have become more and more powerful,and the attacker's target has turned to the application layer.The DDoS attacks based on the HTTP protocol at the application layer have been on the rise for several years,and the complexity has also increased[1].Therefore,the detection of HTTP-DDoS attacks is still important in the field of network security.Over the years,many scholars have already proposed methods for the detection of HTTP-DDoS attacks based on machine learning.These methods can solve the problem of low efficiency of traditional methods because of constructing detection rules.They can also quickly understand the network traffic difference,and improve the detection rate of unknown attacks.Therefore,this article aims to apply the current popular machine learning-related theoretical methods and techniques,and to extract and analyze the different attribute characteristics of attack traffic based on the characteristics of HTTP-DDoS attacks,to achieve efficient and accurate detection of DDoS attacks.The main works of this paper are as follows(1)The paper introduces related background knowledge,analyzes and discusses the methods proposed in the literature in recent years,and summarizes the current deficiencies and challenges.The HTTP protocol is introduce briefly,and the principles and classification of HTTP-DDoS attacks are explained in detail.The concepts and related theories of machine learning are introduced.(2)Aiming at the existing HTTP-DDoS attack detection methods using a single feature,insufficient detection versatility,and the method based on machine learning,while ensuring the detection rate,it takes more time and so on.This paper proposes a HTTP-DDoS attack detection method based on XGBoost-LR.This method uses XGBoost technology to select features to reduce the dimensionality,and then uses LR(Logistic Regression)to classify attacks.The method includes data normalization,feature selection and detection classification.The results and analysis shown that the XGBoost-LR detection method is superior to the detection method that directly uses logistic regression to model user behavior in the three indicators of accuracy,accuracy,and training time;at the same time,in memory In terms of consumption,there are also obvious advantages(3)Aiming at the problems of current detection research results in terms of detection accuracy,detection efficiency,and implementation complexity,as well as the large redundancy between DDoS attack variables selected based on random forest,This paper proposes OPRFM-based HTTP-DDoS attack detection method.This method improves the random forest voting mechanism.Based on the improved random forest,an improved random forest classification model(OPRFM)for detecting HTTP-DDoS attacks is proposed.OPRFM optimizes the selection of different attributes and establishes a classifier to accurately detect DDoS attacks.The results and analysis shown that the proposed HTTP-DDoS attack detection method based on OPRFM is superior to the traditional random forest algorithm in terms of accuracy of detection results.