Detection Method Of DDoS Attack Based On Random Forest

Posted on: 2020-03-07
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Li
GTID: 2518305711499304
Subject: Computer Science and Technology

Abstract/Summary:
Distributed Denial of Service (DDoS) attack, a common attack technique derived from Denial of Service (DoS), is simple to carry out and highly effective, and can cause great damage to the network environment and its services. With the development of new technologies such as cloud computing, big data and artificial intelligence, and with the growing scale of the Internet of Things, DDoS attack methods are becoming increasingly intelligent and diversified, and attack capability and scale keep growing, which poses great challenges to existing DDoS attack detection. Existing DDoS attack detection methods, especially in big data environments, still have a high false alarm rate and miss rate. To address this problem, this thesis studies DDoS attack detection based on the differences between the statistical characteristics of normal flows and attack flows, and proposes DDoS attack detection methods based on random forest. The specific work is as follows:

1. A DDoS attack detection method based on the network Flow Correlation Degree feature and Random Forest (RF) is proposed. Flow Correlation Degree (FCD) is defined according to the asymmetry and semi-directional interaction characteristics of attack flows, and a two-tuple of Address Correlation Statistics (ACS) and Unidirectional Flow Semi Interaction (UFSI) is used as the network flow feature in FCD. A classifier for DDoS attack detection is then generated by training the RF model on the FCD feature sequence. The experimental results show that the proposed method has higher accuracy and a lower false alarm rate and miss rate than other similar methods, and is suitable for DDoS attack detection in big data environments.

2. A DDoS attack detection method based on the Combination Correlation Degree of network flows and a parameter optimization algorithm for the decision trees in the RF model is proposed. The Combination Correlation Degree (CCD) feature is defined as a weighted two-tuple of ACS and UFSI. The weight ratio of ACS and UFSI is selected according to the best recognition result on the validation set. Then two key parameters of the decision trees in RF, namely the maximum number of trees and the maximum depth of each sub-decision tree, are optimized with a genetic algorithm (GA) based on the CCD feature sequence. Finally, the RF model trained with the optimized parameters is used to generate a classifier to detect DDoS attacks. The experimental results show that the method effectively increases the accuracy and reduces the false alarm rate and miss rate of the detection method based on FCD features and the RF model, and further improves the ability to detect early attacks, with good robustness.

3. A DDoS attack detection method based on the Combination Flow Ratio of network flows and Deep Forest (DF) is proposed. According to the asymmetry and semi-directional interaction characteristics of high-traffic attack flows, the ratios of source and destination IP addresses and ports, different protocol types, and packet sizes of unidirectional and bidirectional flows in the network are calculated. The Combination Flow Ratio (CFR) feature is defined as a six-tuple of these statistical ratios. A stable CFR feature sequence with smaller absolute values is obtained by applying logarithmic processing and a translation transformation to the ratio data in the CFR feature. Based on this feature sequence, the number and type of tree models in DF are determined. Finally, the DF model with these hyperparameters is trained to generate a classification model to detect DDoS attacks. The experimental results show that this method effectively improves the timeliness of attack detection methods based on the RF model, improves the accuracy and reduces the false alarm rate and miss rate of early DDoS attack detection, and improves the robustness of DDoS attack detection in big data environments.

Keywords/Search Tags: DDoS attack detection, network flow feature extraction, random forest, optimization by genetic algorithm, deep forest