GhostMamba-SAN：一种高效的DDoS攻击检测模型

包晓安; 杨奉豪; 范云龙; 涂小妹; 胡天缤; 吴彪

doi:10.11959/j.issn.1000-0801.DXKX250676

您当前的位置：

首页 >

文章列表页 >

GhostMamba-SAN：一种高效的DDoS攻击检测模型

研究与开发 | 更新时间：2026-06-17

- GhostMamba-SAN：一种高效的DDoS攻击检测模型
- GhostMamba-SAN: an efficient DDoS attack detection model
- 电信科学 2026年42卷第5期页码：130-142
- 作者机构：
  
  1.浙江理工大学计算机科学与技术学院，浙江杭州 310018
  2.浙江广厦建设职业技术大学城乡建设学院 , 浙江东阳 322100
  3.河海大学人工智能与自动化学院，江苏常州 213000
  4.浙江理工大学理学院，浙江杭州 310018
- 作者简介：
  
  包晓安（1973- ），男，浙江理工大学计算机科学与技术学院教授，主要研究方向为网络安全、软件可靠性和深度学习。
  杨奉豪（2001- ），男，浙江理工大学计算机科学与技术学院硕士生，主要研究方向为网络与系统安全、网络流量分类。
  范云龙（2000- ），男，浙江理工大学计算机科学与技术学院硕士生，主要研究方向为网络安全、网络流量分类。
  涂小妹（1995- ），女，浙江广厦建设职业技术大学城乡建设学院讲师，主要研究方向为多模态网络入侵检测、信息处理。
  胡天缤（1998- ），女，河海大学人工智能与自动化学院博士生，主要研究方向为人工智能、软件定义网络。
  吴彪（1989- ），男，博士，浙江理工大学理学院讲师，主要研究方向为软件定义网络、深度学习。
- 基金信息：
  
  浙江省重点研发计划项目(2020C03094);浙江省教育厅项目(Y202250706;Y202147659)
- DOI：10.11959/j.issn.1000-0801.DXKX250676
  中图分类号： TP393;TM91
- 收稿：2025-11-24，
  
  修回：2025-12-15，
  
  录用：2025-12-25，
  
  纸质出版：2026-05-20
- 稿件说明：
移动端阅览
包晓安,杨奉豪,范云龙等.GhostMamba-SAN：一种高效的DDoS攻击检测模型[J].电信科学,2026,42(05):130-142.

Bao Xiaoan,Yang Fenghao,Fan Yunlong,et al.GhostMamba-SAN: an efficient DDoS attack detection model[J].Telecommunications Science,2026,42(05):130-142.
包晓安,杨奉豪,范云龙等.GhostMamba-SAN：一种高效的DDoS攻击检测模型[J].电信科学,2026,42(05):130-142. DOI： 10.11959/j.issn.1000-0801.DXKX250676.

Bao Xiaoan,Yang Fenghao,Fan Yunlong,et al.GhostMamba-SAN: an efficient DDoS attack detection model[J].Telecommunications Science,2026,42(05):130-142. DOI： 10.11959/j.issn.1000-0801.DXKX250676.

摘要

针对软件定义网络（SDN）环境中DDoS攻击流量特征复杂、包级语义信息利用不足以及检测模型精度与效率难以兼顾的问题，设计了一种融合有效载荷信息与流级统计特征的混合检测模型。该模型首先基于改进的Mamba网络对有效载荷序列进行深度建模，以挖掘包级特征中的时序依赖与上下文信息；其次，采用Ghost卷积替代常规卷积结构，在保持特征表达能力的同时有效减少模型参数量并提升计算效率；最后，通过自注意力机制对多维融合特征进行加权，以强化关键攻击特征并抑制无关信息。实验结果表明，所设计模型在CICDDoS2019数据集上实现了99.56%的检测准确率，平均检测延迟仅为0.21 ms，优于现有主流方法。此外，在多个公开数据集上的验证结果进一步证明，该模型具有良好的泛化能力。

Abstract

To address the challenges of complex traffic characteristics

insufficient utilization of packet-level semantic information

and the trade-off between detection accuracy and efficiency in software-defined networking (SDN) environments

a hybrid detection model that integrates payload information and flow-level statistical features was proposed. Specifically

an improved Mamba network was employed to perform deep modeling of payload sequences

enabling the extraction of temporal dependencies and contextual semantics within packet-level features. Meanwhile

the conventional convolutional structure was replaced with Ghost convolution to effectively reduce the number of parameters and computational cost while maintaining strong feature representation capability. Finally

a self-attention mechanism was introduced to adaptively weight and fuse multi-dimensional features

which enhanced the representation of critical attack patterns and suppresses irrelevant information. Experimental results demonstrate that the proposed model achieves a detection accuracy of 99.56% on the CICDDoS2019 dataset with an average detection latency of only 0.21 ms

outperforming existing mainstream methods. Moreover

validation on multiple public datasets further confirms the strong generalization capability of the proposed model.

关键词

Keywords

references

董仕 . 软件定义网络安全问题研究综述 [J ] . 计算机科学 , 2021 , 48 ( 3 ): 295 - 306 .

Dong S . Survey on software defined networks security [J ] . Computer Science , 2021 , 48 ( 3 ): 295 - 306 .

Akamai . Facing the surge of security threats: attack trends in the financial services industry [EB ] . ( 2024-12-05 ).

Neres Carvalho R , Luiz Bordim J , Adilio Pelinson Alchieri E . Entropy-based DoS attack identification in SDN [C ] // Proceedings of the 2019 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW) . Piscataway : IEEE Press , 2019 : 627 - 634 .

Hemmati Z , Mirjalily G , Mohtajollah Z . Entropy-based DDoS attack detection in SDN using dynamic threshold [C ] // Proceedings of the 2021 7th International Conference on Signal Processing and Intelligent Systems (ICSPIS) . Piscataway : IEEE Press , 2021 : 1 - 5 .

Ali Ujjan R M , Pervez Z , Dahal K , et al . Entropy based features distribution for anti-DDoS model in SDN [J ] . Sustainability , 2021 , 13 ( 3 ): 1522 .

Li R Y , Wu B . Early detection of DDoS based on φ-entropy in SDN networks [C ] // Proceedings of the 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC) . Piscataway : IEEE Press , 2020 : 731 - 735 .

Yang Z , Han L . Research on DDoS attack detection and vulnerability mechanism based on Entropy of destination IP address in SDN environment [J ] . Journal of Tianjin University of Technology , 2020 , 36 ( 4 ): 39 - 44, 59 .

Alhamami K , Albermany S . DDoS attack detection using machine learning algorithm in SDN network [C ] // Proceedings of the 2023 Al-Sadiq International Conference on Communication and Information Technology (AICCIT) . Piscataway : IEEE Press , 2023 : 97 - 102 .

Ribeiro M A , Pereira Fonseca M S , De Santi J . Detecting and mitigating DDoS attacks with moving target defense approach based on automated flow classification in SDN networks [J ] . Computers & Security , 2023 , 134 : 103462 .

Dong S , Sarem M . DDoS attack detection method based on improved KNN with the degree of DDoS attack in software-defined networks [J ] . IEEE Access , 2019 , 8 : 5039 - 5048 .

Li C H , Wu Y , Qian Z Z , et al . DDoS attack detection and defense based on hybrid deep learning model in SDN [J ] . Journal on Communications , 2018 , 39 ( 7 ): 176 - 187 .

Mohammad L , Mahdi J S , Ramin S H Z , etd . Deep packet: a novel approach for encrypted traffic classification using deep learning [J ] . Soft Comput . 24 , 3 (Feb 2020 ), 1999 – 2012 . 10.1007/s00500-019-04030-2 http://dx.doi.org/10.1007/s00500-019-04030-2

Hosseini S M , Jahangir A H . An effective payload attribution scheme for cybercriminal detection using compressed bitmap index tables and traffic downsampling [J ] . IEEE Transactions on Information Forensics and Security , 2018 , 13 ( 4 ): 850 - 860 .

Sohi S M , Seifert J P , Ganji F . RNNIDS: Enhancing network intrusion detection systems through deep learning [J ] . Computers & Security , 2021 , 102 : 102151 .

Lotfollahi M , Jafari Siavoshani M , Shirali Hossein Zade R , et al . Deep packet: a novel approach for encrypted traffic classification using deep learning [J ] . Soft Computing , 2020 , 24 ( 3 ): 1999 - 2012 .

Gu A , Dao T . Mamba: linear-time sequence modeling with selective state spaces [PP ] . arXiv ( 2023-11-01 )[ 2024-05-01 ] .arXiv: 2312.00752 ,2023.

He W , Han K , Tang Y H , et al . DenseMamba: state space models with dense hidden connection for efficient large language models [PP ] . V2. arXiv ( 2024-03-05 )[ 2024-05-01 ] . 10.48550/arXiv.2403.00818 10.48550/arXiv.2403.00818 .

Li K , Chen G , Yang R X , et al . SPMamba: State-space model is all you need in speech separation [PP ] . V2. arXiv ( 2024-09-10 )[ 2024-05-01 ] . arXiv: 2404.02063 .

Qiao Y Y , Yu Z , Guo L T , et al . VL-mamba: exploring state space models for multimodal learning [PP ] . arXiv ( 2024-03-20 )[ 2024-05-01 ] . arXiv: 2403.13600 .

El Sayed M S , Le-Khac N A , Azer M A , et al . A flow-based anomaly detection approach with feature selection method against DDoS attacks in SDNs [J ] . IEEE Transactions on Cognitive Communications and Networking , 2022 , 8 ( 4 ): 1862 - 1880 .

Zainudin A , Ahakonye LAC , Akter R , et al . An efficient hybrid-DNN for DDoS detection and classification in software-defined IIoT networks [J ] . IEEE Internet of Things Journal , 2023 , 10 ( 10 ): 8491 - 8504 .

Cao L , Wen M , He W , et al . Deep learning based dos and ddos attack detection method in the highway monitoring system of iov [J ] . Computer Applications and Software , 2025 , 42 ( 1 ): 303 - 311 .

Wang H , Li W. DDosTC: a transformer-based network attack detection hybrid mechanism in SDN [J ] . Sensors , 2021 ( 21 ): 5047 .

Diallo A F , Patras P . Adaptive clustering-based malicious traffic classification at the network edge [C ] // Proceedings of the IEEE INFOCOM 2021 - IEEE Conference on Computer Communications . Piscataway : IEEE Press , 2021 : 1 - 10 .

Chen T Q , Guestrin C . XGBoost: a scalable tree boosting system [C ] // Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining . New York : ACM Press , 2016 : 785 - 794 .

Ke g , Meng q , Finley T , et al . LightGBM: A highly efficient gradient boosting decision tree [C ] // Advances in Neural Information Processing Systems 30 (NIPS 2017). 2017 : 3146 - 3154 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于深度学习的多样化复杂网络影响力节点识别

基于自注意力机制的大规模MIMO信道状态信息特征向量反馈方法

一种适用于小样本条件的网络入侵检测方法

基于元启发式RIME算法的深度时间序列预测模型优化方法

星地边缘计算网络中基于 CA3C的异构任务卸载方法研究