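1. School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300
2. School of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300
3. School of Information Engineering, Yangzhou University, Yangzhou, Jiangsu 225127
4. School of Information, University of Arizona, Tucson, Arizona, USA, AZ 85721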
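Lixia XIE (1974- ), female, professor and master's supervisor at Civil Aviation University of China. Her main research interests are network and system security and network security situation awareness.
Bingdi YUAN (2000- ), female, master's student at Civil Aviation University of China. Her main research interests are network information security and DDoS attack detection.
Hongyu YANG (1969- ), male, Ph.D., professor and doctoral supervisor at Civil Aviation University of China, CCF professional member. His main research interests are network and system security, software security detection, and network security situation awareness.
Ze HU (1989- ), male, Ph.D., lecturer and master's supervisor at Civil Aviation University of China. His main research interests are artificial intelligence, natural language processing, and network information security.
Xiang CHENG (1988- ), male, Ph.D., experimentalist and master's supervisor at Yangzhou University. His main research interests are network and system security, network security situation awareness, and APT attack detection.
Liang ZHANG (1987- ), male, Ph.D., postdoctoral researcher at the University of Arizona. His main research interests are reinforcement learning, deep learning based signal processing, and network and system security.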
Online publication date: 2024-01
Print publication date: 2024-01-20
Lixia XIE, Bingdi YUAN, Hongyu YANG, et al. A single flow detection enabled method for DDoS attacks in IoT based on traffic feature reconstruction and mapping[J]. Telecommunications Science, 2024, 40(1): 92-105. DOI: 10.11959/j.issn.1000-0801.2024012.
To address the slow response of existing detection methods to distributed denial of service (DDoS) attacks in the Internet of things (IoT), their low feature differentiation, and their poor detection performance, a single flow detection enabled method based on traffic feature reconstruction and mapping (SFDTFRM) was proposed. Firstly, to expand the features, SFDTFRM employed a queue to store the traffic received within a fixed-length time span under the first in, first out rule, yielding a queue feature matrix. Secondly, to address the similarity between the normal communication traffic of IoT devices and DDoS attack traffic, a multidimensional reconstruction neural network model, more lightweight than the baseline model, and a function mapping method were proposed. The modified model loss function was used to reconstruct the quantitative feature matrix of the queue according to the corresponding index, and the result was transformed into a mapping feature matrix through the function mapping method, enhancing the differences between different types of traffic, including normal communication traffic of IoT devices and DDoS attack traffic, as well as the similarity of traffic of the same type. Finally, a text convolutional network and information entropy calculation were used to extract the frequency information of the mapping feature matrix and the queue qualitative feature matrix, respectively, producing a concatenated vector that enriches the feature information of a single flow, and a machine learning classifier was employed for DDoS attack traffic detection. The experimental results on two benchmark datasets show that SFDTFRM can effectively detect different types of DDoS attacks, and that the average value of its detection performance metrics is up to 12.01% higher than that of existing methods.
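The queue and entropy steps of the abstract can be sketched as follows. This is an added illustration, not the authors' code: it covers only the first-in-first-out time-span queue and the entropy of qualitative fields, and leaves out the reconstruction network, the function mapping, the text convolutional network and the classifier. The field names (`ts`, `src`, `dport`, `proto`), the 5-second span and the sample flows are assumptions constructed for the example.

```python
import math
from collections import Counter, deque


class FlowQueue:
    """FIFO queue holding the flows seen within the last `span` seconds."""

    def __init__(self, span):
        self.span = span
        self.flows = deque()

    def push(self, flow):
        self.flows.append(flow)
        # First in, first out: evict the oldest flows that fell out of the span.
        while flow["ts"] - self.flows[0]["ts"] > self.span:
            self.flows.popleft()

    def entropy(self, field):
        """Shannon entropy (bits) of one qualitative field over the queue."""
        n = len(self.flows)
        counts = Counter(f[field] for f in self.flows)
        return sum(c / n * math.log2(n / c) for c in counts.values())


def single_flow_features(queue, flow, fields=("src", "dport", "proto")):
    """Enrich one arriving flow with the context of the flows queued before it."""
    queue.push(flow)
    return [queue.entropy(f) for f in fields] + [len(queue.flows)]


def demo():
    """Run constructed sample traffic; return the last benign and last flood vector."""
    q = FlowQueue(span=5.0)
    # Constructed benign traffic: two devices alternating between two services.
    benign = [{"ts": float(i), "src": f"192.0.2.{1 + i % 2}",
               "dport": (1883, 443)[i % 2], "proto": "tcp"} for i in range(4)]
    # Constructed flood: eight distinct sources hitting one port within a second.
    flood = [{"ts": 10.0 + i / 10, "src": f"198.51.100.{i}",
              "dport": 80, "proto": "udp"} for i in range(8)]
    benign_vec = [single_flow_features(q, f) for f in benign][-1]
    flood_vec = [single_flow_features(q, f) for f in flood][-1]
    return benign_vec, flood_vec


if __name__ == "__main__":
    for name, vec in zip(("benign", "flood"), demo()):
        print(name, vec)
```

Each vector is [source entropy, destination-port entropy, protocol entropy, queue length]; in the flood window source entropy rises while port entropy collapses, which is context a single flow record does not carry by itself.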