Adaptive DDoS attack detection method based on multiple-kernel learning

by Jieren Cheng, et al.

Distributed denial of service (DDoS) attacks have caused huge economic losses to society. They have become one of the main threats to Internet security. Most current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environments. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses and the interactivity of communication, we define five features to describe the network flow characteristics. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the inter-class mean with a gradient ascent and reducing the intra-class variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple kernel learning (SMKL) models with two characteristics: inter-class mean squared difference growth (M-SMKL) and intra-class variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.




A Novel DDoS Attack Detection Method Using Optimized Generalized Multiple Kernel Learning

Distributed Denial of Service (DDoS) attack has become one of the most d...

DDoS attack detection method based on feature extraction of deep belief network

Distributed Denial of Service (DDOS) attack is one of the most common ne...

DDoS Attack Detection Method Based on Network Abnormal Behavior in Big Data Environment

Distributed denial of service (DDoS) attack becomes a rapidly growing pr...

Adequacy of the Gradient-Descent Method for Classifier Evasion Attacks

Despite the wide use of machine learning in adversarial settings includi...

Early Jamming Detection in Mobile Indoor Scenarios via Deep Learning

The current state of the art on jamming detection relies on link-layer m...

Bidirectional RNN-based Few-shot Training for Detecting Multi-stage Attack

"Feint Attack", as a new type of APT attack, has become the focus of att...

A DNS Tunnel Sliding Window Differential Detection Method Based on Normal Distribution Reasonable Range Filtering

A covert attack method often used by APT organizations is the DNS tunnel...
