Application of an incremental GHSOM algorithm to DDoS attack detection
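Cite this article: Liu Jiwei, Li Ruinan, Zhang Yu, Liang Yu. Application of an incremental GHSOM algorithm to DDoS attack detection [J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2020, 40(3): 82-88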
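Authors and affiliations
Liu Jiwei: Hebei Branch, National Computer Network and Information Security Management Center, Shijiazhuang, Hebei 050021
Li Ruinan: International School, Beijing University of Posts and Telecommunications, Beijing 102206
Zhang Yu: Hebei Branch, National Computer Network and Information Security Management Center, Shijiazhuang, Hebei 050021
Liang Yu: Eversec (Beijing) Technology Co., Ltd. (恒安嘉新), Beijing 100086
Funding: Supported by the Hebei Province Key Research and Development Program (20310701D) and the Youth Fund of the National Computer Network and Information Security Management Center (2019Q34)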
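Chinese abstract: Since its emergence, the distributed denial of service (DDoS) attack has been one of the major threats to global Internet security. Many current DDoS attack detection methods achieve a high detection rate for known attack types, but they cannot effectively identify new attack types and cannot cope with the many and rapidly changing forms of DDoS attack. To detect DDoS attacks accurately while giving the detection model good adaptability, extensibility and a low update cost, so as to cope with continually emerging DDoS attacks, a DDoS attack detection method is proposed that jointly considers the bidirectional features, fixed features and statistical features of network traffic and uses an incremental GHSOM (Growing Hierarchical Self Organizing Maps) neural network algorithm. First, traffic features are extracted according to the characteristics of DDoS attack traffic and combined into a traffic 8-tuple union feature; then the incremental GHSOM neural network algorithm is used to analyze abnormal traffic; finally, the effectiveness of the detection method is verified by experiment. The experimental results show that the proposed DDoS attack detection method not only detects known types of DDoS attack effectively but also supports online dynamic update of the detection model, and has the same detection rate for newly emerging DDoS attack types.
Chinese keywords: DDoS attack; incremental GHSOM; 8-tuple union feature; dynamic update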
 
Incremental GHSOM algorithm for DDoS attack detection
Abstract: Distributed denial of service (DDoS) attacks have been one of the important threats to global Internet security since their emergence. Although many current DDoS attack detection methods have a high detection rate for known types of attacks, they cannot effectively identify new types of attacks or cope with the varied and rapidly changing forms of DDoS attack. To detect DDoS attacks accurately, while giving the detection model good adaptability, scalability and a low update cost in response to continually emerging DDoS attacks, a DDoS attack detection method is proposed that uses an incremental growing hierarchical self-organizing map (GHSOM) neural network algorithm and jointly considers the bidirectional characteristics, fixed characteristics and statistical characteristics of network traffic. First, according to the characteristics of the network attack traffic, the traffic 8-tuple union feature is extracted. Then, the incremental GHSOM neural network algorithm is used to analyze the abnormal traffic. Finally, the validity of the detection method is verified by experiments. Experimental results show that the proposed DDoS attack detection method can detect known types of DDoS attacks effectively and can update the detection model dynamically online. Newly detected DDoS attack types have the same detection rate.
Keywords: distributed denial of service (DDoS) attack; incremental growing hierarchical self-organizing map (GHSOM); 8-tuple union feature; dynamic update
