Method for distinguishing DDoS attack and elephant flow based on PCA and random forest

A technology of random forest and random forest model, which is applied in the field of distinguishing DDoS attacks and elephant flows, and can solve problems such as discarding

Pending Publication Date: 2021-05-11
KUNMING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

There are many types of DDoS attacks, but many legitimate flows have similar characteristics to DDoS...



Examples


Embodiment 1

[0022] Embodiment 1: As shown in Figures 1 and 2, a method for distinguishing DDoS attacks and elephant flows based on PCA and random forest includes the following steps:

[0023] Step 1: Select the training set and test set from the DDoS data set, and add the elephant flow data set to the training set and test set respectively.

[0024] Step 2: The data in the training set is processed by PCA to reduce the dimensionality to obtain a low-dimensional feature matrix;

[0025] Step 3: Put the low-dimensional feature matrix into the random forest model for training to obtain a random forest classifier;

[0026] Step 4: Input the test set samples into the trained random forest classifier to obtain the classification results.
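The four steps above as a runnable sketch, added here as an illustration and not taken from the patent. The flow records are constructed synthetic data, and the six log-scaled features, the standardization before PCA, the hyperparameters and all function names are assumptions, since the page does not list them.

```python
import numpy as np
from sklearn.decomposition import PCA
from sklearn.ensemble import RandomForestClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler

# Assumed feature set (log-scaled): duration, packets/s, mean packet size,
# packets, bytes, bytes/s. The last three are derived from the first three.
def make_flows(n, kind, rng):
    """Constructed flow records; the distributions are illustrative only."""
    if kind == "ddos":        # shorter, higher packet rate, smaller packets
        dur, pps, size = rng.lognormal(3, .8, n), rng.lognormal(7, .7, n), rng.normal(300, 150, n)
    else:                     # elephant: long-lived bulk transfer, large packets
        dur, pps, size = rng.lognormal(4, .8, n), rng.lognormal(6, .7, n), rng.normal(1100, 250, n)
    size = size.clip(60, 1500)
    pkts = dur * pps
    return np.log(np.column_stack([dur, pps, size, pkts, pkts * size, pps * size]))

def build_sets(seed=7):
    """Step 1: DDoS train/test sets, with elephant flows added to each."""
    rng = np.random.default_rng(seed)
    parts = {"train": (make_flows(800, "ddos", rng), make_flows(800, "elephant", rng)),
             "test": (make_flows(300, "ddos", rng), make_flows(300, "elephant", rng))}
    return {k: (np.vstack(v), np.r_[np.ones(len(v[0])), np.zeros(len(v[1]))])
            for k, v in parts.items()}   # label 1 = DDoS, 0 = elephant

def train_and_evaluate(n_components=3, seed=7):
    sets = build_sets(seed)
    X_tr, y_tr = sets["train"]
    X_te, y_te = sets["test"]
    # Steps 2-3: scaler and PCA are fitted on the training set only; the
    # pipeline reuses that same projection for test samples (no leakage).
    model = make_pipeline(StandardScaler(), PCA(n_components=n_components),
                          RandomForestClassifier(n_estimators=200, random_state=seed))
    model.fit(X_tr, y_tr)
    pred = model.predict(X_te)           # Step 4
    pca = model.named_steps["pca"]
    return {
        "accuracy": float((pred == y_te).mean()),
        # legitimate elephant flows wrongly flagged as DDoS
        "elephant_flagged": float(pred[y_te == 0].mean()),
        "ddos_missed": float(1 - pred[y_te == 1].mean()),
        "variance_kept": float(pca.explained_variance_ratio_.sum()),
        "reduced_shape": model[:-1].transform(X_te).shape,
    }

if __name__ == "__main__":
    print(train_and_evaluate())
```

Because three of the six assumed features are products of the other three, three principal components retain essentially all of the variance here; on a real flow data set `variance_kept` is the figure to check when choosing `n_components`.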

[0027] Further, as shown in Figure 2, in Step 2 the data in the training set is processed by PCA to reduce the dimensionality and obtain a low-dimensional feature matrix. The specific process is as follows:

[0028] Step 1: Extract sample featur...


Abstract

The invention relates to a method for distinguishing a DDoS attack from an elephant flow based on PCA and a random forest, and belongs to the technical field of attack detection in networks. The method comprises the following steps: first, selecting a training set and a test set from a DDoS data set, and adding an elephant flow data set to the training set and the test set respectively; performing PCA dimensionality reduction on the data in the training set to obtain a low-dimensional feature matrix; then putting the low-dimensional feature matrix into a random forest model for training to obtain a random forest classifier; and finally, inputting the test set samples into the trained random forest classifier to obtain a classification result. When a DDoS attack occurs, legitimate elephant flows and DDoS attack flows can be distinguished by using the random forest.

Description

Technical field

[0001] The invention relates to a method for distinguishing DDoS attacks and elephant flows based on PCA and random forest, and belongs to the technical field of attack detection in networks.

Background technique

[0002] Distributed Denial of Service (DDoS) attacks are a growing problem on the Internet. Attackers target some servers (also known as victims) with multiple puppet hosts to prevent normal use of their services. There are many types of DDoS attacks, but many legitimate flows have characteristics similar to DDoS flows, so many detection methods discard legitimate flows that resemble DDoS flows. One example is the elephant flow: generally speaking, an elephant flow carries a large amount of data and lasts for a long time. Elephant flows are typically used for bulk data transfers and are common in some networks, such as data center networks. Almost 90% of the data bytes on the network are contributed by elephant flows, but they onl...


Application Information

IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1416, H04L63/1458, G06F18/2135, G06F18/24323, G06F18/214
Inventor: 缪祥华, 胡晓红, 袁梅宇
Owner KUNMING UNIV OF SCI & TECH