
Distributed denial of service attack recognition based on bag of words model

Cited by: 2
Abstract: The payload of Distributed Denial of Service (DDoS) attacks changes rapidly, manual intervention relies on experience to set warning thresholds, and signatures of abnormal traffic are not updated in time. To address these problems, a DDoS attack detection algorithm based on the Binary Stream Point Bag of Words (BSP-BoW) model is proposed. The algorithm automatically trains Stream Points (SP) from the traffic data of the current network and performs adaptive anomaly detection for networks of different topologies, reducing the labor cost of frequently updating the feature set. First, mean clustering is applied to existing attack traffic and normal traffic to find the SPs in the network traffic. Then, the original traffic is mapped onto the corresponding SPs and expressed formally as a histogram. Finally, DDoS attacks are classified and detected by Euclidean distance. Experimental results on the public dataset DARPA LLDOS1.0 show that the proposed algorithm achieves a higher recognition rate for abnormal network traffic than the existing Locally Weighted Learning (LWL), Support Vector Machine (SVM), Random Tree (RT), Logistic regression analysis (Logistic) and Naive Bayes (NB) methods. The proposed BoW clustering model algorithm shows good recognition performance and generalization ability in identifying abnormal traffic of denial of service attacks, and is suitable for deployment on the network traffic equipment of Small and Medium Enterprises (SME).
Source: Journal of Computer Applications (《计算机应用》), CSCD, PKU Core; 2017, No. 6, pp. 1644-1649, 1662 (7 pages)
Funding: Supported by the Science Foundation of Guizhou Province (黔科合LH字[2014]7634号, 黔科合J字[2011]2328号)
Keywords: Bag of Words (BoW); machine learning; clustering; Distributed Denial of Service (DDoS) attack; anomaly traffic detection; Stream Point (SP)
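The three steps in the abstract (mean clustering to find SPs, histogram over SPs, Euclidean-distance classification) can be sketched as follows. This is an added example, not the paper's code. Assumptions: flows are cut into 4-byte words, k = 3 stream points, the label comes from the nearest training histogram, and the sample flows are constructed.

```python
import math

WORD = 4  # assumed word width in bytes; the abstract does not give one

def words(flow):
    """Cut raw flow bytes into fixed-width vectors of byte values."""
    return [tuple(flow[i:i + WORD]) for i in range(0, len(flow) - WORD + 1, WORD)]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def nearest(p, cents):
    return min(range(len(cents)), key=lambda j: dist(p, cents[j]))

def kmeans(points, k, rounds=20):
    """Mean clustering; seeds are evenly spaced over the sorted points (k >= 2)."""
    pts = sorted(set(points))
    cents = [pts[i * (len(pts) - 1) // (k - 1)] for i in range(k)]
    for _ in range(rounds):
        groups = [[] for _ in cents]
        for p in points:
            groups[nearest(p, cents)].append(p)
        cents = [tuple(sum(c) / len(g) for c in zip(*g)) if g else cents[j]
                 for j, g in enumerate(groups)]
    return cents

def histogram(flow, sps):
    """Map every word to its nearest SP; return normalised counts per SP."""
    ws = words(flow)
    h = [0.0] * len(sps)
    for w in ws:
        h[nearest(w, sps)] += 1
    return [c / len(ws) for c in h] if ws else h

def train(labelled, k=3):
    sps = kmeans([w for flow, _ in labelled for w in words(flow)], k)
    return sps, [(histogram(flow, sps), label) for flow, label in labelled]

def classify(flow, model):
    sps, refs = model
    h = histogram(flow, sps)
    return min(refs, key=lambda r: dist(h, r[0]))[1]

TRAIN = [  # constructed 32-byte sample flows, not taken from DARPA LLDOS1.0
    (b"get index html host example com ", "normal"),
    (b"post login form user alice pass ", "normal"),
    (b"\x00" * 24 + b"\xff" * 8, "attack"),
    (b"\x00" * 16 + b"\xff" * 16, "attack"),
]
MODEL = train(TRAIN)
```

Calling `classify(b"\x01" * 20 + b"\xfe" * 12, MODEL)` labels a flow whose payload bytes never appeared in training, because its words still map to the same stream points.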