Distributed Denial-of-Service(DDoS)has caused great damage to the network in the big data environment.Existing methods are characterized by low computational efficiency,high false alarm rate and high false alarm rate....Distributed Denial-of-Service(DDoS)has caused great damage to the network in the big data environment.Existing methods are characterized by low computational efficiency,high false alarm rate and high false alarm rate.In this paper,we propose a DDoS attack detection method based on network flow grayscale matrix feature via multi-scale convolutional neural network(CNN).According to the different characteristics of the attack flow and the normal flow in the IP protocol,the seven-tuple is defined to describe the network flow characteristics and converted into a grayscale feature by binary.Based on the network flow grayscale matrix feature(GMF),the convolution kernel of different spatial scales is used to improve the accuracy of feature segmentation,global features and local features of the network flow are extracted.A DDoS attack classifier based on multi-scale convolution neural network is constructed.Experiments show that compared with correlation methods,this method can improve the robustness of the classifier,reduce the false alarm rate and the missing alarm rate.展开更多
基金This work was supported by the Hainan Provincial Natural Science Foundation of China[2018CXTD333,617048]National Natural Science Foundation of China[61762033,61702539]+1 种基金Hainan University Doctor Start Fund Project[kyqd1328]Hainan University Youth Fund Project[qnjj1444].
文摘Distributed Denial-of-Service(DDoS)has caused great damage to the network in the big data environment.Existing methods are characterized by low computational efficiency,high false alarm rate and high false alarm rate.In this paper,we propose a DDoS attack detection method based on network flow grayscale matrix feature via multi-scale convolutional neural network(CNN).According to the different characteristics of the attack flow and the normal flow in the IP protocol,the seven-tuple is defined to describe the network flow characteristics and converted into a grayscale feature by binary.Based on the network flow grayscale matrix feature(GMF),the convolution kernel of different spatial scales is used to improve the accuracy of feature segmentation,global features and local features of the network flow are extracted.A DDoS attack classifier based on multi-scale convolution neural network is constructed.Experiments show that compared with correlation methods,this method can improve the robustness of the classifier,reduce the false alarm rate and the missing alarm rate.
