Multi-type low-rate DDoS attack detection method based on hybrid deep learning
Low-Rate distributed denial of service (DDoS) attack attacks the vulnerabilities in the adaptive mechanism of network protocols, posing a huge threat to the quality of network services.Low-Rate DDoS attack was characterized by high secrecy, low attack rate, and periodicity.Existing detection methods...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2022-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022001 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529836005228544 |
|---|---|
| author | Lijuan LI Man LI Hongjun BI Huachun ZHOU |
| author_facet | Lijuan LI Man LI Hongjun BI Huachun ZHOU |
| author_sort | Lijuan LI |
| collection | DOAJ |
| description | Low-Rate distributed denial of service (DDoS) attack attacks the vulnerabilities in the adaptive mechanism of network protocols, posing a huge threat to the quality of network services.Low-Rate DDoS attack was characterized by high secrecy, low attack rate, and periodicity.Existing detection methods have the problems of single detection type and low identification accuracy.In order to solve them, a multi-type low-rate DDoS attack detection method based on hybrid deep learning was proposed.Different types of low-rate DDoS attacks and normal traffic in different scenarios under 5G environment were simulated.Traffic was collected at the network entrance and its traffic characteristic information was extracted to obtain multiple types of low-rate DDoS attack data sets.From the perspective of statistical threshold and feature engineering, the characteristics of different types of low-rate DDoS attacks were analyzed respectively, and the effective feature set of 40-dimension low-rate DDoS attacks was obtained.CNN-RF hybrid deep learning algorithm was used for offline training based on the effective feature set, and the performance of this algorithm was compared with LSTM-Light GBM and LSTM-RF algorithms.The CNN-RF detection model was deployed on the gateway to realize the online detection of multiple types of low-rate DDoS attacks, and the performance was evaluated by using the newly defined error interception rate and malicious traffic detection rate indexes.The results show that the proposed method can detect four types of low-rate DDoS attacks online, including Slow Headers attack, Slow Body attack, Slow Read attack and Shrew attack, and the error interception rate reaches 11.03% in 120 s time window.The detection rate of malicious traffic reaches 96.22%.It can be judged by the results that the proposed method can significantly reduce the intensity of low-rate DDoS attack traffic at the network entrance, and can be deployed and applied in the actual environment. |
| format | Article |
| id | doaj-art-e2c09e4c7b5c40d4989aeebfb755d85b |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2022-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-e2c09e4c7b5c40d4989aeebfb755d85b2025-01-15T03:15:38ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2022-02-018738559571486Multi-type low-rate DDoS attack detection method based on hybrid deep learningLijuan LIMan LIHongjun BIHuachun ZHOULow-Rate distributed denial of service (DDoS) attack attacks the vulnerabilities in the adaptive mechanism of network protocols, posing a huge threat to the quality of network services.Low-Rate DDoS attack was characterized by high secrecy, low attack rate, and periodicity.Existing detection methods have the problems of single detection type and low identification accuracy.In order to solve them, a multi-type low-rate DDoS attack detection method based on hybrid deep learning was proposed.Different types of low-rate DDoS attacks and normal traffic in different scenarios under 5G environment were simulated.Traffic was collected at the network entrance and its traffic characteristic information was extracted to obtain multiple types of low-rate DDoS attack data sets.From the perspective of statistical threshold and feature engineering, the characteristics of different types of low-rate DDoS attacks were analyzed respectively, and the effective feature set of 40-dimension low-rate DDoS attacks was obtained.CNN-RF hybrid deep learning algorithm was used for offline training based on the effective feature set, and the performance of this algorithm was compared with LSTM-Light GBM and LSTM-RF algorithms.The CNN-RF detection model was deployed on the gateway to realize the online detection of multiple types of low-rate DDoS attacks, and the performance was evaluated by using the newly defined error interception rate and malicious traffic detection rate indexes.The results show that the proposed method can detect four types of low-rate DDoS attacks online, including Slow Headers attack, Slow Body attack, Slow Read attack and Shrew attack, and the error interception rate reaches 11.03% in 120 s time window.The detection rate of malicious traffic reaches 96.22%.It can be judged by the results that the proposed method can significantly reduce the intensity of low-rate DDoS attack traffic at the network entrance, and can be deployed and applied in the actual environment.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022001multi-typelow-rate DDoS attackhybrid deep learningfeature analysisattack detection |
| spellingShingle | Lijuan LI Man LI Hongjun BI Huachun ZHOU Multi-type low-rate DDoS attack detection method based on hybrid deep learning 网络与信息安全学报 multi-type low-rate DDoS attack hybrid deep learning feature analysis attack detection |
| title | Multi-type low-rate DDoS attack detection method based on hybrid deep learning |
| title_full | Multi-type low-rate DDoS attack detection method based on hybrid deep learning |
| title_fullStr | Multi-type low-rate DDoS attack detection method based on hybrid deep learning |
| title_full_unstemmed | Multi-type low-rate DDoS attack detection method based on hybrid deep learning |
| title_short | Multi-type low-rate DDoS attack detection method based on hybrid deep learning |
| title_sort | multi type low rate ddos attack detection method based on hybrid deep learning |
| topic | multi-type low-rate DDoS attack hybrid deep learning feature analysis attack detection |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022001 |
| work_keys_str_mv | AT lijuanli multitypelowrateddosattackdetectionmethodbasedonhybriddeeplearning AT manli multitypelowrateddosattackdetectionmethodbasedonhybriddeeplearning AT hongjunbi multitypelowrateddosattackdetectionmethodbasedonhybriddeeplearning AT huachunzhou multitypelowrateddosattackdetectionmethodbasedonhybriddeeplearning |