计算机工程与科学2018,Vol.40Issue(12):2164-2172,9.DOI:10.3969/j.issn.1007-130X.2018.12.010
基于HMM时间序列预测和混沌模型的DDoS攻击检测方法
A DDoS attack detection method based on HMM time series prediction and chaos model
摘要
Abstract
The distributed denial of service (DDoS) attack is one of the most destructive attacks in the network environment.Existing attack detection algorithms based on machine learning often use the eigenvalues of a time to be classified to perform classification.However, the correlation with the features of its adjacent time is not taken into account.The false positive rate and false negative rate therefore are high.We propose a DDoS attack detection method based on hidden Markov model (HMM) time series prediction and chaos model.Aiming at the burstiness of mass attack traffic, we firstly define the network traffic weighted features (NTWF) and network flow average rate (NFAR) to describe the features of network traffic.Then, we use the hierarchical clustering algorithm to classify training sets to get the hidden layer state (HLS) sequences.We employ the NTWF sequence and HLS sequence to conduct supervised learning of the HMM, and predict the NTWF sequence by the state transition matrix and confusion matrix obtained before.Finally, we analyze the prediction error of NTWF sequences by the chaotic model, which is combined with the NFAR-based rules, to distinguish attack behavior.Experimental results show that compared with similar methods, the propose method has lower false positive rate and false negative rate.关键词
分布式拒绝服务/攻击检测/隐马尔科夫模型/混沌分析/时间序列Key words
DDoS/attack detection/hidden Markov model/chaos analysis/time series分类
信息技术与安全科学引用本文复制引用
董哲,唐湘滟,程杰仁,张晨,林福生..基于HMM时间序列预测和混沌模型的DDoS攻击检测方法[J].计算机工程与科学,2018,40(12):2164-2172,9.基金项目
海南省自然科学基金(617048,2018CXTD333) (617048,2018CXTD333)
国家自然科学基金(61762033,61702539) (61762033,61702539)
湖南省自然科学基金(2018JJ3611) (2018JJ3611)
浙江省公益技术应用社会发展项目(LGF18F020019) (LGF18F020019)
海南大学博士启动基金(kyqd1328) (kyqd1328)
海南大学青年基金(qnjj14444) (qnjj14444)
南海海洋资源利用国家重点实验室资助 ()
