Research On DDoS Attack Detection Based On CNN And SVDD

Posted on: 2021-03-11
Degree: Master
Type: Thesis
Institution: University
Candidate: Sayavong Lounnapha
Full Text: PDF
GTID: 2428330605460969
Subject: Communication and Information System
Abstract/Summary:
The rapid development of Internet technology has affected, and even changed, the way human beings live in many ways and has made people's lives easier. Although the Internet has made our lives more convenient, its vulnerability and the amount of information communicated through it provide opportunities for adversaries to perform malicious activities within the infrastructure. Any host connected to the public Internet or even a private network is constantly threatened by potential attacks. Network security has become a very important factor for enterprises and organizations to consider. However, the fragility of the Internet and its huge amount of communication information give attackers the opportunity to carry out malicious attacks within their infrastructure, which has serious consequences. A DDoS attack is a very typical network attack. A DDoS attack will block many resources on the path to the target system, such as CPU power, bandwidth, memory, processing time, and so on. The main goal of any DDoS defense mechanism is to detect DDoS attacks as soon as possible and make them detectable as close as possible to their source.

The application of a convolutional neural network (CNN) in any application field includes many steps: data integration and preprocessing, training of machine learning models, and prediction and decision-making based on the trained model. When applied to various classification problems, deep learning-based methods are superior to existing machine learning techniques. They eliminated the nonlinearity of the neural network, reduced the feature extraction dimension of high-dimensional data sets in an unsupervised manner, and applied deep learning to the implementation of various intrusion detection systems. Deep learning is a powerful tool that can provide the cognitive ability to identify security vulnerabilities, and has great potential and availability in processing and storage capabilities as well as with large data sets.

Aiming at the problem that traditional machine learning is not suitable for DDoS detection in the current big data environment, this paper builds a DDoS detection model based on the deep learning technology CNN and the SVDD algorithm. The detection model builds a new architecture that uses support vector data description (SVDD) and a convolutional neural network (CNN) to detect distributed denial of service (DDoS) network attacks. SVDD can be used for outlier detection, detecting atypical objects in the data set, and can therefore improve the accuracy of the model. In this paper, SVDD is used together with deep learning techniques during training to achieve optimality.

This work trains the convolutional neural network model on the ISCX2012 data set. The ISCX2012 data set collects 7 days of network traffic and various types of DDoS malicious attack traffic data in a real network environment. It is used as the sample data set for training the DDoS attack deep learning network model. Its columns provide information about the DDoS attack data messages, including the data type name, capture time, source or target IP address, TCP/UDP message source or target port number, etc. The ISCX2012 data set was then analyzed and counted. In order to reduce the unreliability of the data set, the deep learning network model undergoes 15 rounds of training. In the deep learning training of network models, the first 80% of the data set is used to train the model, and the remaining 20% is used for accurate detection. In each round, the first 80% is input to the deep network model as the training set, and the remaining 20% is used as the validation data set for that round after training. The 15 rounds of training are repeated to improve the training accuracy of the model, and the final deep learning network model is retained. In order to eliminate data bias, when input data is needed to train a deep learning network model, the method adopted in this paper mixes all attack packets with a random number of legitimate packets and then re-samples to obtain input data for training the network model. Various deep learning network models are then selected, experiments are conducted and the final training accuracy is compared, and the deep learning network model with the highest detection rate is selected for the detection of modular data traffic.

The experiment uses the ISCX2012 data set to evaluate performance, and uses percentage accuracy to quantify the performance of the model. The experimental results show that, under the experimental conditions based on this data, compared with a variety of existing latest methods, the method proposed in this paper obtains the highest accuracy rate, proving that the algorithm combines the advantages of deep learning algorithms and can improve the detection ability.

In view of the current problem of insufficient labeled data in DDoS detection, this paper introduces a transfer learning method. Transfer learning is a machine learning technology through which a model can be trained on one task and then reused for related tasks, namely, using the knowledge learned in one setting to improve optimization in another setting. The purpose of transfer learning is to use knowledge from the source domain, which has sufficient labeled data, to help build more accurate models in related but different domains with little or no labeled data. In DDoS detection, the source task and the target task have the same state variables and actions. For homogeneous team scenarios and heterogeneous team scenarios, we can adopt transfer learning from simple scenarios to more complex scenarios.

This paper proposes a new DDoS intrusion detection system that uses the CNN-SVDD framework model, uses the principle of transfer learning applied with the NSL-KDD data set for pre-training, and uses the basic data set (ISCX2012) for model training and testing. In the initial pre-training process, transfer learning is applied with the NSL-KDD data set to pre-train the CNN model and adjust the model parameters to make it optimal; the model is then trained on the ISCX2012 data set, and finally the resulting model is tested. The transfer learning method uses other similar data for pre-training to compensate for the lack of labeled data during training and to reduce training time.

The experiment mainly includes learning strategies for three transfer learning methods, designing the experimental analysis, and selecting the optimal strategy. In the experiment, the detection rate and convergence speed of the three transfer learning strategies are compared. The evaluation indicators mainly include training time, algebra of convergence, and accuracy rate after convergence. In order to simulate the lack of labeled data in transfer learning, this paper uses the standard intrusion detection data set NSL-KDD to pre-train part of the CNN model, and randomly selects 20% of the original data as the training set, with the test set held constant. After the pre-training is completed, the training set is sent to the pre-trained model for training, and the models of the three transfer learning strategies are tested on the test set.

The experimental results show that the first type of transfer learning strategy has an increased convergence speed and reduced initial training loss compared with no transfer; for the third type, the convergence rate has increased compared with no transfer learning, but the final loss has also increased; the second category has no iterations, that is, the convergence speed is the fastest, and the final loss is the largest. The experimental results show that using the third transfer learning strategy can effectively improve the training efficiency, reduce the training time, and ensure the accuracy of the test. The experimental results show that the CNN-SVDD model based on transfer learning can effectively solve the above two problems and is a practical DDoS attack detection model.
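
The SVDD outlier-detection step mentioned in the abstract, as an added example that is not code from the thesis: a soft-boundary SVDD fitted on benign traffic only, then used to flag windows that fall outside the learned sphere. Assumptions: the CNN stage is omitted and two constructed flow features stand in for its output; a linear kernel and primal subgradient descent replace the usual kernelised dual solver; all names and sample values are hypothetical.

```python
import random

def zscore_params(rows):
    """Per-feature mean and standard deviation of the benign training rows."""
    n, dim = len(rows), len(rows[0])
    mean = [sum(r[d] for r in rows) / n for d in range(dim)]
    std = [(sum((r[d] - mean[d]) ** 2 for r in rows) / n) ** 0.5 or 1.0
           for d in range(dim)]
    return mean, std

def scale(row, mean, std):
    return [(x - m) / s for x, m, s in zip(row, mean, std)]

def dist2(x, a):
    return sum((xi - ai) ** 2 for xi, ai in zip(x, a))

def fit_svdd(points, nu=0.05, lr=0.01, epochs=600):
    """Minimise R^2 + C * sum(max(0, ||x - a||^2 - R^2)) over centre a and R^2.
    C = 1 / (nu * n), so roughly a fraction nu of training points ends up outside."""
    n, dim = len(points), len(points[0])
    c = 1.0 / (nu * n)
    a = [sum(p[d] for p in points) / n for d in range(dim)]  # start at the mean
    r2 = 1.0
    for _ in range(epochs):
        outside = [p for p in points if dist2(p, a) > r2]
        grad_r2 = 1.0 - c * len(outside)
        grad_a = [-2.0 * c * sum(p[d] - a[d] for p in outside) for d in range(dim)]
        r2 = max(0.0, r2 - lr * grad_r2)
        a = [a[d] - lr * grad_a[d] for d in range(dim)]
    return a, r2

# Constructed sample: (packets per second, fraction of SYN packets) per flow window.
rng = random.Random(2012)
benign = [[rng.gauss(120, 30), rng.gauss(0.10, 0.03)] for _ in range(200)]
mean, std = zscore_params(benign)
centre, radius2 = fit_svdd([scale(r, mean, std) for r in benign])

def classify(row):
    """'atypical' if the scaled window lies outside the SVDD sphere."""
    return "atypical" if dist2(scale(row, mean, std), centre, ) > radius2 else "typical"

if __name__ == "__main__":
    print(classify([125, 0.11]))   # window close to the benign profile
    print(classify([900, 0.95]))   # constructed SYN-flood-like window
```

The `nu` parameter sets the expected share of benign windows left outside the sphere, so it directly trades false positives against how tightly the boundary wraps normal traffic.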
Keywords/Search Tags:Distributed denial of service attack detection, Convolutional Neural Networks, Support vector data description, Transfer learning