Research And Implementation Of A DoS Attack Detection Method Based On Multi-source Data Fusion

In this paper,a detection method for DoS attack is realized by combining data fusion method and neural network.The basic probability assignment(BPA)value of various attacks can be acquired through neural network,and then final result will be obtained with the assistance of improved D-S evidence theory and acquired BPA.The research mainly focuses on the application of data fusion method in the field of DoS attack detection.Moreover,some improvements are made to the applied data fusion method.Firstly,the background and significance of this research are described briefly.After that,the basic concept of data fusion,process of data fusion,hierarchical division of data fusion and advantages of data fusion are introduced.Several kinds of technology in the field of data fusion are compared and analyzed.The main work and innovation points of this paper are as follows:(1)Aiming at some inherent problems existing in the classical D-S evidence theory,namely,the unreasonable fusion result in the case of serious or complete conflict between different sources,and the problem that the acquisition of BPA depends on expert experience,we put forward an improved method.First of all,after the study of the improvement of classical D-S evidence theory by researchers over the years,the two concepts of fuzzy membership degree fA and data source average support degree SA are introduced into the classical D-S evidence theory,which are added into the fusion formula as weight factors to improve the accuracy of data fusion results.We conducted experiments on the three aspects of severe conflict,complete conflict and the addition of new evidence sources,respectively,which proved the superiority of this method compared with previous methods.(2)Secondly,by introducing a neural network with strict internal logic,good at approximating complex nonlinear relations and fast convergence,we can get a more accurate BPA.The optimization algorithm of neural network is also improved,and a new optimization algorithm on the basis of Adam algorithm has made the improvement,which introduces the concept of third order moment estimator,according to the improvement methods of deep learning optimization algorithm and the idea of Adam algorithm.In this way,the learning rate will increase relatively,so that the algorithm can quickly approach to the optimal solution in the early stage of training,and the learning rate will not be too low in the later stage of training,thus alleviating the problem of the early end of training,and preventing to some extent the problem that Adam algorithm may miss the global optimal solution.We also introduce the ideas of dynamic control vector to avoid the adaptive vector fluctuating problem in iterative process,making the vector in the training process monotone decreasing,so as to ensure the final model will be convergence.The advantages of the improved optimization algorithm proposed in this paper are verified in terms of convergence speed and classification accuracy.(3)A detection method for DoS attack is realized by combining neural network and D-S evidence theory based on the work mentioned above.The scheme is composed of four components:data acquisition,data preprocessing,acquisition of BPA and data fusion.The method is verified with data obtained in the experimental environment,proving that it is accurate in detecting common types of DoS attack.By capturing and analyzing the logs and traffic flow of IDS,firewall and other facilities,the DoS attack in network flow is detected,so as to provide strong support for network security decision.