A DDos identification method and system based on multi-dimensional state transition matrix features

A multi-dimensional state transition matrix technique, applied in the field of information technology, that addresses problems such as low precision and pattern features not yet being covered, with the effect of low consumption.

Active Publication Date: 2020-12-22
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Identification methods based on machine learning can identify DDos attacks at a finer granularity, but they rely on training data, and the features used at this stage focus only on statistical features and do not yet cover pattern features, which makes their precision lower than that of traditional methods in some scenarios.

Examples

[0071] Example 1: DDos identification on the deployment environment

[0072] Experiments were carried out in the environment shown in Figure 2. The DDos traffic is generated by LOIC, PyLoris, DAVOSET, GoldenEye, HULK, Slowloris, Torshammer, and hping3, eight DDos attack tools commonly used by hackers, and the normal traffic is generated by the normal behavior of users. After feature extraction, 200,000 DDos records and 400,000 normal records are obtained for training to generate a recognition model. A test on 100,000 DDos records and 100,000 normal records of the same dimension gave an accuracy rate of 99.5% and a misjudgment rate of only 0.4%.

[0073] Example 2: Identification on the public dataset CIC-IDS-2017

[0074] The public data set CIC-IDS-2017 contains 8.23 GB of pcap files. After feature extraction, 130,000 normal records and 90,000 DDos records are obtained. Evaluated with ten-fold cross-validation, the accuracy rate is 97.4% and the misjudgment rate is 1.7%.

[0075] Another embodiment of the present invention provides a DDos identification system based on multi-dimensional state transition matrix features, which includes:

[0076] The data collection module is responsible for collecting network flow metadata and marking DDos traffic and normal traffic;

[0077] The multi-dimensional feature building module is responsible for extracting multi-dimensional features of DDos based on the state transition matrix by using the collected and labeled network flow metadata;

[0078] The model training module is responsible for using the extracted multi-dimensional features and using machine learning a...

Abstract

The invention relates to a DDos recognition method and system based on multi-dimensional state transition matrix features. The method comprises the following steps: 1) acquiring network flow metadata and labeling DDos traffic and normal traffic; 2) extracting the multi-dimensional features of DDos based on a state transition matrix by using the acquired and labeled network flow metadata; 3) training a classification model with the extracted multi-dimensional features by a machine learning algorithm; and 4) inputting the network flow data to be measured, according to the multi-dimensional features extracted in step 2), to obtain a DDos recognition result. According to the method, network behavior features which can effectively depict different DDos attack tactics are extracted, and a machine learning algorithm is adopted for training and learning, so that DDos attacks can be recognized accurately and completely with less prior knowledge of scenes.
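A sketch of step 2 of the abstract, added here as an illustration and not taken from the patent text. The page does not say which dimensions or states the invention uses, so the three dimensions (packet direction, size bin, inter-arrival gap), their thresholds and the packet record fields `dir`, `len` and `gap` are all assumptions.

```python
from collections import Counter
from itertools import product

def size_bin(p):
    return "small" if p["len"] < 128 else "medium" if p["len"] < 1024 else "large"

# Assumed dimensions: name -> (state alphabet, packet-to-state function).
DIMENSIONS = {
    "direction": (("out", "in"), lambda p: p["dir"]),
    "size": (("small", "medium", "large"), size_bin),
    "gap": (("fast", "slow"), lambda p: "fast" if p["gap"] < 1.0 else "slow"),
}

def transition_matrix(states, alphabet):
    """First-order transition probabilities, row-normalised, flattened row by row."""
    counts = Counter(zip(states, states[1:]))
    totals = Counter(states[:-1])          # number of transitions leaving each state
    return [counts[(a, b)] / totals[a] if totals[a] else 0.0
            for a, b in product(alphabet, repeat=2)]

def named_features(packets):
    """One feature per (dimension, from-state, to-state) cell for a single flow."""
    features = {}
    for dim, (alphabet, to_state) in DIMENSIONS.items():
        states = [to_state(p) for p in packets]
        cells = product(alphabet, repeat=2)
        for (a, b), value in zip(cells, transition_matrix(states, alphabet)):
            features[f"{dim}:{a}->{b}"] = value
    return features

# Constructed flows: a slow-request style flow and an ordinary page fetch.
SLOW_FLOW = [{"dir": "out", "len": 40, "gap": 10.0} for _ in range(6)]
BROWSE_FLOW = [
    {"dir": "out", "len": 420, "gap": 0.0},
    {"dir": "in", "len": 1460, "gap": 0.05},
    {"dir": "in", "len": 1460, "gap": 0.01},
    {"dir": "out", "len": 60, "gap": 0.02},
    {"dir": "in", "len": 900, "gap": 2.5},
    {"dir": "out", "len": 60, "gap": 0.01},
]

if __name__ == "__main__":
    slow, browse = named_features(SLOW_FLOW), named_features(BROWSE_FLOW)
    for name in slow:                      # show only the cells that separate the flows
        if slow[name] != browse[name]:
            print(f"{name:22} slow={slow[name]:.2f} browse={browse[name]:.2f}")
```

The resulting 17-cell vector per flow is what a classifier in step 3 would be trained on; the cells capture ordering patterns that per-flow averages of the same fields do not.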

Description

Technical field

[0001] The invention belongs to the field of information technology, and in particular relates to a DDos identification method and system based on multi-dimensional state transition matrix features.

Background technique

[0002] With the continuous development of the Internet and information technology, network attack methods emerge endlessly, but distributed denial of service (DDoS) is still one of the most prominent: it is simple and destructive, and attackers use it widely in more and more diverse forms. The Internet is currently developing towards the "Internet of Things", which means that hundreds of devices will be connected to the Internet; in addition, the development of cloud computing and other technologies has led to the rapid growth of Internet applications and services, so that backbone network traffic has reached the order of magnitude of Tbps. The above reasons make it more and more difficu...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06N20/00
CPC: H04L63/1416, H04L63/1458
Inventor: 曹自刚, 扶佩佩, 管洋洋, 侯江畔
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI