
DDoS attack detection based on hidden Markov and Q-learning cooperation

An attack detection and learning algorithm technology, applied in digital transmission systems, electrical components, transmission systems, etc., that can solve problems such as low accuracy, link congestion, increased data transmission delay, and incomplete response.

Inactive Publication Date: 2019-04-16
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0004] At the network layer, DDoS attacks change the traffic flow, the distribution of access protocols, the proportion of different packet types within the same protocol, the number and distribution of access source addresses, and the data packet header information, and they lead to link congestion and greatly increased data transmission delay.
There are two main problems in the flow-based detection method: first, the threshold setting, which is set according to the network traffic observed under long-term monitoring of the normal condition of the network.
Anomaly-based detection methods are often combined with artificial intelligence and automatic control theory to detect unknown types of attacks, but their detection accuracy is relatively low; this is a hot spot in current intrusion detection system research.
In terms of response, the existing method is generally to interrupt the suspected network connection, but this easily causes incomplete response, reduced service quality for normal services, etc.


Examples


Embodiment Construction

[0039] The present invention is explained and elaborated below in conjunction with relevant accompanying drawings:

[0040] In order to make the object, technical solution and features of the present invention clearer, the present invention is described in further detail below in conjunction with specific implementation examples and with reference to the accompanying drawings. The overall framework of the method of the present invention is shown in Figure 1. The flow of each step is described as follows:

[0041] 1) Grab the feature representation based on the TCP connection state from the network data stream;

[0042] 2) Count the number of normal and abnormal network connection states, and show the probability matrix between the state and the observed value;

[0043] 3) Use the Baum-Welch algorithm of the hidden Markov model to iteratively establish and train the optimal HMM model parameters;

[0044] 4) After training the single-point detection model, use distri...
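Steps 2 and 3 above, as an added example that is not code from the patent: the emission matrix is first estimated from labelled counts, then refined with Baum-Welch, and the trained model gives a per-observation attack posterior. The two hidden states, the four-symbol TCP-state alphabet, the initial `PI0`/`A0` values and the sample sequences are all assumptions constructed for illustration.

```python
import math

# Assumed for illustration (not from the patent): two hidden states, four observed TCP states.
STATES = ("normal", "attack")
SYMBOLS = ("SYN_RECV", "ESTABLISHED", "FIN_WAIT", "RST")

def emission_from_counts(labelled):
    """Step 2: B[state][symbol] from labelled (state, symbol) counts, add-one smoothed."""
    counts = [[1.0] * len(SYMBOLS) for _ in STATES]
    for state, sym in labelled:
        counts[STATES.index(state)][SYMBOLS.index(sym)] += 1
    return [[c / sum(row) for c in row] for row in counts]

def forward_backward(obs, pi, A, B):
    """Scaled forward-backward pass: posteriors gamma, pair posteriors xi, log-likelihood."""
    N, T, alpha, scale = len(pi), len(obs), [], []
    for t, o in enumerate(obs):
        prior = pi if t == 0 else [sum(alpha[-1][j] * A[j][i] for j in range(N)) for i in range(N)]
        row = [prior[i] * B[i][o] for i in range(N)]
        scale.append(sum(row))
        alpha.append([x / scale[-1] for x in row])
    beta = [[1.0] * N for _ in range(T)]
    for t in range(T - 2, -1, -1):
        beta[t] = [sum(A[i][j] * B[j][obs[t + 1]] * beta[t + 1][j] for j in range(N)) / scale[t + 1] for i in range(N)]
    gamma = [[alpha[t][i] * beta[t][i] for i in range(N)] for t in range(T)]
    xi = [[[alpha[t][i] * A[i][j] * B[j][obs[t + 1]] * beta[t + 1][j] / scale[t + 1]
            for j in range(N)] for i in range(N)] for t in range(T - 1)]
    return gamma, xi, sum(math.log(c) for c in scale)

def baum_welch(obs, pi, A, B, iters=15, eps=1e-6):
    """Step 3: re-estimate pi, A, B; eps keeps unseen symbols from getting probability 0."""
    N, M, history = len(pi), len(B[0]), []
    for _ in range(iters):
        gamma, xi, loglik = forward_backward(obs, pi, A, B)
        history.append(loglik)  # log-likelihood under the parameters before this update
        pi = gamma[0][:]
        A = [[sum(x[i][j] for x in xi) / sum(g[i] for g in gamma[:-1]) for j in range(N)] for i in range(N)]
        B = [[(sum(g[i] for g, o in zip(gamma, obs) if o == k) + eps) /
              (sum(g[i] for g in gamma) + M * eps) for k in range(M)] for i in range(N)]
    return pi, A, B, history

def attack_posterior(obs, pi, A, B):
    """P(hidden state = attack | whole sequence) for every observation."""
    return [g[STATES.index("attack")] for g in forward_backward(obs, pi, A, B)[0]]

# Constructed sample data: a quiet phase followed by a burst of half-open connections.
LABELLED = ([("normal", "ESTABLISHED")] * 6 + [("normal", "FIN_WAIT")] * 3 + [("normal", "SYN_RECV")]
            + [("attack", "SYN_RECV")] * 6 + [("attack", "RST")] * 3 + [("attack", "ESTABLISHED")])
OBS = [SYMBOLS.index(s) for s in ["ESTABLISHED", "ESTABLISHED", "FIN_WAIT"] * 10 + ["SYN_RECV", "SYN_RECV", "RST"] * 10]
PI0, A0 = [0.5, 0.5], [[0.9, 0.1], [0.1, 0.9]]
```

Seeding `B` from labelled counts keeps the hidden-state identities stable during training, so index 1 still means "attack" after re-estimation.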


Abstract

The invention discloses a DDoS attack detection method based on hidden Markov and Q-learning cooperation. Drawing on the theory of the hidden Markov model, and building on existing detection methods, it proposes DDoS attack detection that combines the hidden Markov model with the TCP connection state. Different historic data is first captured from a network data stream, comprising normal data traffic and data traffic suffering from a DDoS attack; the TCP connection states of a network transmission unit, an attacker and a target host are acquired respectively, and the model parameters are learned, thereby enabling the hidden Markov model to accurately describe the state sequence of the dynamic TCP connections in the network data stream. On the basis of this single-point detection model, and drawing on the theory of Q-learning in reinforcement learning, a detection method based on distributed cooperative Q-learning is proposed for the problem of distributed detection. Experimental comparison and analysis show that the communication volume among the detection points in the system is reduced and the running efficiency of the system is improved.

Description

Technical field

[0001] The invention relates to a DDoS attack detection method based on hidden Markov and Q-learning cooperation, belongs to the field of machine learning information security, and relates to the combined use of machine learning classification algorithms and the Q-learning algorithm in reinforcement learning.

Background technique

[0002] Traditional denial of service (Denial of Service, DoS) refers to an attack in which a large number of data packets are made to flow into the target host through malicious network access and illegal requests, maliciously occupying network bandwidth and system resources in order to consume system resources, and ultimately congesting the target system so that it cannot provide services to its legitimate users. A distributed denial of service attack (Distributed Denial of Service, DDoS) consists of four parts, that is, the attack master control p...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/24, H04L12/26, H04L29/06, H04L29/08
CPC: H04L41/0631, H04L41/142, H04L41/145, H04L41/147, H04L43/16, H04L63/1408, H04L63/1458, H04L67/14
Inventor: 白玲玲, 宁振虎, 薛菲, 杨永丽, 张诗强
Owner: BEIJING UNIV OF TECH