Application Layer DDoS Attack Detection Method Based on RF-SVM (cited by: 1)
Abstract: Some progress has been made in detecting DDoS attacks at the application layer, but existing methods can often detect only one or a few specific types of attack and cannot adapt to the complex and changeable mixed attacks seen at the application layer. A class of detection methods that adapts to mixed attacks is therefore urgently needed. To address the deficiencies of current application layer DDoS attack detection methods, an application layer DDoS attack detection method based on the RF-SVM model is proposed. First, the random forest feature importance algorithm evaluates the importance of specific features under mixed attacks. Then the feature dimension is reduced according to the FDRCA algorithm, and finally the SVM classifier is used for classification. Experimental verification shows that the RF-SVM model can adapt to the application layer's complex and changeable mixed attacks. Comparison with the BP algorithm, the single SVM algorithm, and the HsMM algorithm verifies that the RF-SVM model has a higher detection rate and better adaptability to mixed attacks.
Authors: DAI Jian; TANG Yong; ZHANG Ting-ting; LI Yun-tian; XU Yun-fei; ZHANG Wei-feng (School of Computing, Nanjing University of Posts and Telecommunications, Nanjing 210046, China; Colorful Interactive Network Technology Co., Ltd., Nanjing 210019, China; Information Technology Operation Center (Shanghai), Bank of China, Shanghai 201210, China)
Source: Software Guide (《软件导刊》), 2023, No. 3, pp. 62-67 (6 pages)
Funding: National Natural Science Foundation of China, General Program (62272214); Nanjing International Cooperation Project (202201010).
Keywords: distributed denial of service; support vector machine model; random forest; feature importance assessment