Adaptive DDoS attack detection method based on multiple-kernel learning

05/20/2019
by   Jieren Cheng, et al.
0

Distributed denial of service (DDoS) attacks have caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environment. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses and the interactivity of communication, we define five features to describe the network flow characteristic. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the inter-class mean with a gradient ascent and reducing the intra-class variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple kernel learning (SMKL) models with two characteristics including inter-class mean squared difference growth (M-SMKL) and intra-class variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset