2 research outputs found
Adaptive DDoS attack detection method based on multiple-kernel learning
Distributed denial of service (DDoS) attacks have caused huge economic losses
to society. They have become one of the main threats to Internet security. Most
of the current detection methods based on a single feature and fixed model
parameters cannot effectively detect early DDoS attacks in cloud and big data
environments. In this paper, an adaptive DDoS attack detection method (ADADM)
based on multiple kernel learning (MKL) is proposed. Based on the burstiness of
DDoS attack flow, the distribution of addresses and the interactivity of
communication, we define five features to describe the network flow
characteristics. Based on the ensemble learning framework, the weight of each
dimension is adaptively adjusted by increasing the inter-class mean with a
gradient ascent and reducing the intra-class variance with a gradient descent,
and the classifier is established to identify an early DDoS attack by training
simple multiple kernel learning (SMKL) models with two characteristics
including inter-class mean squared difference growth (M-SMKL) and intra-class
variance descent (S-SMKL). The sliding window mechanism is used to coordinate
the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results
indicate that this method can detect DDoS attacks early and accurately.

A Novel DDoS Attack Detection Method Using Optimized Generalized Multiple Kernel Learning
Distributed Denial of Service (DDoS) attack has become one of the most
destructive network attacks which can pose a mortal threat to Internet
security. Existing detection methods cannot effectively detect early attacks.
In this paper, we propose a detection method of DDoS attacks based on
generalized multiple kernel learning (GMKL) combined with the constructed
parameter R. The super-fusion feature value (SFV) and comprehensive degree of
feature (CDF) are defined to describe the characteristic of attack flow and
normal flow. A method for calculating R based on SFV and CDF is proposed to
select the combination of kernel function and regularization paradigm. A DDoS
attack detection classifier is generated by using the trained GMKL model with R
parameter. The experimental results show that the kernel function and
regularization parameter selection method based on the R parameter reduces the
randomness of parameter selection and the error of model detection, and the
proposed method can effectively detect DDoS attacks in complex environments
with a higher detection rate and a lower error rate.