Research On DDoS Attack Detection Based On Multi-kernel Learning And Neural Network

Distributed Denial Service(DDoS)has caused huge losses to society.DDoS is a network attack that is easy to implement,difficult to trace,and destructive that has always attracted the attention of researchers.At present,DDoS feature extraction often has problems such as low feature value dimension,large empirical observation dependency,and low utilization of raw data information.In addition,the detection model is not further optimized for the characteristics of the DDoS attack.Therefore,this paper conducts in-depth research on feature extraction and model detection.The work is as follows:1.Five characteristics are defined by combining the burstiness of DDoS attack,the distribution of addresses,and the interactivity of communication.Using the Simple Multiple Kernel Learning(SMKL),the M-SMKL that increases the mean between classes and the S-SMKL that reduces the intra-class variance are trained.And the results of the two classifiers are combined using a sliding window mechanism.According to reducing the ratio of variance to the mean(RS/M)and the ratio of the intra-class variance to the inter-class mean(Increasing the ratio of the variance to mean,IS/M),two multi-kernel learning models of IS/M-SMKL and RS/M-SMKL are optimized.The experimental results show that compared with the similar methods,our model can quickly and effectively detect DDoS attacks at different stages.2.This paper counts the number of types of attributes in the network stream,and then converts these values into binary of equal length.These bins are used as input to the deep belief network,and the deep Belief Network(DBN)is trained in an unsupervised manner,and then the number of bottleneck nodes is determined by canonical correlation analysis(CCA).The parameters of the node below the bottleneck layer are merged with the parameters of the bottleneck layer node.The fused DBN is used to initialize a feedforward neural network(FFNN)and train in a supervised manner.In the training process of each batch of FFNN,this paper use the information of each sample to change the gradient of the network to improve the influence of normal samples.The experimental results show that compared with similar methods,the features extracted by our method can not only improve the utilization of raw data information,but also reduce the impact of unbalanced data.3.This paper proposes a multi-angle multi-layer feature extraction method.First,according to the DDoS address and port distribution,the diversity of different protocol packet sizes,the number of packets,etc,the original data is converted to equal length binary.And this paper uses the weighted average method to make the current sampling points combine with the samples collected for a period of time.The acquired samples are then used as input to train the DBN in an unsupervised manner and use the trained DBN to initialize two FFNNs respectively,one of which carries out supervised training.Finally,the data input to the two FFNNs to be extracted is layer-by-layer fusion by the CCA method and the data of each layer is used as an attribute of the sample.The experimental results show that our method can extract more stable and richer features under large-scale network data.