
DDoS attack detection method and device based on LSTM prediction model

A prediction model and attack detection technology, applied in the field of network communication, that addresses the problems of high algorithm complexity, limited use of packet information, and the inability to distinguish DDoS attacks from flash crowd events well, achieving low computational overhead and low complexity.

Active Publication Date: 2021-03-19
HAINAN UNIV

AI Technical Summary

Problems solved by technology

[0003] In the prior art, Zheng Y et al. analyzed traffic at the data packet level and the session level and proposed a detection algorithm based on PCC time series, but this detection method cannot distinguish DDoS attacks and flash crowd events well, resulting in a higher false positive rate.
Nezhad S M T et al. proposed a DoS and DDoS attack detection algorithm based on the ARIMA time series model and the chaotic system in the computer network, but this method uses only a certain number of data packets and source IP address information, makes use of little message information, and can only detect a single type of DDoS attack.
Andrysiak T et al. used the conditional variational method to optimize the parameters of the time series model to detect DDoS attacks. This detection method can improve the detection rate of DDoS attacks to a certain extent, but its algorithm complexity is high, so there is a certain lag in the detection results.


Examples


Embodiment Construction

[0049] In order to make the object, technical solution and advantages of the present invention clearer, the implementation manner of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0050] An embodiment of the present invention provides a DDoS attack detection method based on an LSTM prediction model. The method defines the statistical features of IP packets (IP-Data-counts Feature, IPDCF), builds an LSTM prediction model based on the IPDCF features, uses Dropout to alleviate over-fitting of the LSTM prediction model, and predicts network traffic for a certain period of time in the future in order to identify anomalies caused by DDoS attacks.

[0051] Figure 1 is a schematic diagram of the LSTM unit model provided by the embodiment of the present invention.

[0052] As shown in Figure 1, Cell represents the memory of the state of the neuron unit, and a state parameter is set to record the state; ...
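The LSTM unit of Figure 1 and the Dropout correction from [0050], as an added example that is not code from the patent: one step of a single-unit LSTM in the standard textbook form (an assumption, since the patent's own equations are not reproduced on this page) and inverted dropout at the stated probability of 0.2. All function names and the `REMEMBER` weights are constructed for illustration.

```python
import math
import random

DROPOUT_P = 0.2  # discard probability stated in the abstract

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

def lstm_step(x, h_prev, c_prev, w):
    """One step of a standard single-unit LSTM (assumed textbook form).

    w maps each gate name to (input weight, recurrent weight, bias).
    Returns the new hidden output h and the new cell state c.
    """
    def gate(name, act):
        wx, wh, b = w[name]
        return act(wx * x + wh * h_prev + b)
    f = gate("forget", sigmoid)       # share of the old cell state to keep
    i = gate("input", sigmoid)        # share of the candidate to write
    g = gate("candidate", math.tanh)  # candidate value from the new input
    o = gate("output", sigmoid)       # share of the cell state to expose
    c = f * c_prev + i * g            # Cell: the recorded state parameter
    h = o * math.tanh(c)
    return h, c

def dropout(values, p=DROPOUT_P, training=True, rng=random):
    """Inverted dropout: while training, zero each value with probability p
    and scale survivors by 1/(1-p); at prediction time, pass values through."""
    if not training:
        return list(values)
    keep = 1.0 - p
    return [v / keep if rng.random() < keep else 0.0 for v in values]

def run_sequence(xs, w):
    """Feed a feature series through the unit; return per-step (h, c)."""
    h, c, trace = 0.0, 0.0, []
    for x in xs:
        h, c = lstm_step(x, h, c, w)
        trace.append((h, c))
    return trace

# Constructed weights: forget gate held open, input gate open only when
# x is large, so the cell state keeps a value after the input returns to 0.
REMEMBER = {
    "forget": (0.0, 0.0, 10.0),
    "input": (10.0, 0.0, -5.0),
    "candidate": (1.0, 0.0, 0.0),
    "output": (0.0, 0.0, 10.0),
}
```

Running `run_sequence([1.0, 0.0, 0.0, 0.0], REMEMBER)` shows the cell state written at the first step and carried almost unchanged through the following zero inputs, which is the memory role the paragraph assigns to Cell.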


Abstract

The invention provides a DDoS attack detection method based on an LSTM (Long Short-Term Memory) prediction model. The method comprises the following steps: sampling normal network traffic n times according to a certain sampling period, and calculating the IP packet statistical feature values of the n normal network samples, wherein n belongs to N; training the to-be-trained LSTM prediction model according to these n IP packet statistical feature values; determining the probability (Dropout=0.2) of selectively discarding a neuron by using grid search and hyper-parameter optimization, so as to correct the LSTM prediction model and relieve the over-fitting phenomenon; calculating, according to the corrected LSTM prediction model, the predicted values of the IP packet statistical feature values in a future time interval; and judging whether the current network is experiencing a DDoS attack according to the predicted values.

Description

Technical field

[0001] The invention relates to the technical field of network communication, in particular to a DDoS attack detection method and device based on an LSTM prediction model.

Background technique

[0002] The Distributed Denial of Service (DDoS) attack is an attack that hackers currently use often and that is difficult to prevent. In recent years, with the rapid development of electronic encrypted virtual currency and the continuous increase of Internet of Things devices, DDoS attack methods have become more diversified, posing a huge threat to Internet security.

[0003] In the prior art, Zheng Y et al. analyzed traffic at the data packet level and the session level and proposed a detection algorithm based on PCC time series, but this detection method cannot distinguish DDoS attacks and flash crowd events well, resulting in a higher false positive rate. Nezhad S M T et al. proposed a DoS and DDoS attack detection algo...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06, H04L12/24
CPC: H04L41/142, H04L41/145, H04L41/147, H04L63/1416, H04L63/1425, H04L63/1458
Inventor: 程杰仁, 唐湘滟, 黄梦醒, 罗逸涵
Owner: HAINAN UNIV