Abstract
This paper studies the detection of low-density resource-exhaustion distributed denial of service (DDoS) attacks and proposes a hybrid DDoS attack detection algorithm based on network traffic characteristics and Adaptive Matching Pursuit (AMP). The algorithm extracts packet attributes from a data set containing raw network packets and generates feature vectors. It then uses the K-Singular Value Decomposition (K-SVD) method to generate a dictionary with the smallest residual in the sense of the Frobenius norm. Next, based on the Matching Pursuit (MP) algorithm, it generates an anomaly indicator value from the residual vector of each time window. Finally, the decision module uses a trained artificial neural network (ANN) to generate alerts. Experimental results show that, for all traffic categories (including the attack-free category), the proposed algorithm outperforms the algorithms it was compared with.
Authors
孟伟东
毕方明
MENG Wei-dong; BI Fang-ming (College of Big Data Industry, Yancheng Kindergarten Teachers College, Yancheng, Jiangsu 224005, China; School of Computer Science and Technology, China University of Mining and Technology, Xuzhou, Jiangsu 221116, China)
Source
Journal of Southwest China Normal University (Natural Science Edition) (《西南师范大学学报(自然科学版)》)
CAS
2021, Issue 7, pp. 90-96 (7 pages in total)
Funding
Open Project of the Shanghai Key Laboratory of Intelligent Information Processing (IIPL-2019-10).
Keywords
distributed denial of service attack
adaptive matching pursuit
network traffic characteristics
intrusion detection system