GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion.

Affiliation

State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002, China.

Publication information

Comput Intell Neurosci. 2022 Aug 16;2022:4611331. doi: 10.1155/2022/4611331. eCollection 2022.

DOI: 10.1155/2022/4611331
PMID: 36017461
Original article: https://pmc.ncbi.nlm.nih.gov/articles/PMC9398712/
Abstract

Distributed denial of service (DDoS) attacks are the most common means of cyberattacks against infrastructure, and detection is the first step in combating them. The current DDoS detection mainly uses the improvement or fusion of machine learning and deep learning methods to improve classification performance. However, most classifiers are trained with statistical flow features as input, ignoring topological connection changes. This one-sidedness affects the detection accuracy and cannot provide a basis for the distribution of attack sources for defense deployment. In this study, we propose a topological and flow feature-based deep learning method (GLD-Net), which simultaneously extracts flow and topological features from time-series flow data and exploits graph attention network (GAT) to mine correlations between non-Euclidean features to fuse flow and topological features. The long short-term memory (LSTM) network connected behind GAT obtains the node neighborhood relationship, and the fully connected layer is utilized to achieve feature dimension reduction and traffic type mapping. Experiments on the NSL-KDD2009 and CIC-IDS2017 datasets show that the detection accuracy of the GLD-Net method for two classifications (normal and DDoS flow) and three classifications (normal, fast DDoS flow, and slow DDoS flow) reaches 0.993 and 0.942, respectively. Compared with the existing DDoS attack detection methods, its average improvement is 0.11 and 0.081, respectively. In addition, the correlation coefficient between the detection accuracy of attack flow and the four source distribution indicators ranges from 0.7 to 0.83, which lays a foundation for the inference of attack source distribution. Notably, we are the first to fuse topology and flow features and achieve high-performance DDoS attack intrusion detection through graph-style neural networks. This study has important implications for related research and development of network security systems in other fields.



Similar articles

1
GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion.
Comput Intell Neurosci. 2022 Aug 16;2022:4611331. doi: 10.1155/2022/4611331. eCollection 2022.
2
Adaptive Machine Learning Based Distributed Denial-of-Services Attacks Detection and Mitigation System for SDN-Enabled IoT.
Sensors (Basel). 2022 Mar 31;22(7):2697. doi: 10.3390/s22072697.
3
Transport and Application Layer DDoS Attacks Detection to IoT Devices by Using Machine Learning and Deep Learning Models.
Sensors (Basel). 2022 Apr 28;22(9):3367. doi: 10.3390/s22093367.
4
Distributed Denial of Service Attack Detection in Network Traffic Using Deep Learning Algorithm.
Sensors (Basel). 2023 Oct 23;23(20):8642. doi: 10.3390/s23208642.
5
The proposed hybrid deep learning intrusion prediction IoT (HDLIP-IoT) framework.
PLoS One. 2022 Jul 29;17(7):e0271436. doi: 10.1371/journal.pone.0271436. eCollection 2022.
6
MFFLR-DDoS: An encrypted LR-DDoS attack detection method based on multi-granularity feature fusions in SDN.
Math Biosci Eng. 2024 Feb 26;21(3):4187-4209. doi: 10.3934/mbe.2024185.
7
Effective Feature Selection Methods to Detect IoT DDoS Attack in 5G Core Network.
Sensors (Basel). 2022 May 18;22(10):3819. doi: 10.3390/s22103819.
8
DDoS attack detection in smart grid network using reconstructive machine learning models.
PeerJ Comput Sci. 2024 Jan 9;10:e1784. doi: 10.7717/peerj-cs.1784. eCollection 2024.
9
VMFCVD: An Optimized Framework to Combat Volumetric DDoS Attacks using Machine Learning.
Arab J Sci Eng. 2022;47(8):9965-9983. doi: 10.1007/s13369-021-06484-9. Epub 2022 Jan 23.
10
High-Speed Network DDoS Attack Detection: A Survey.
Sensors (Basel). 2023 Aug 1;23(15):6850. doi: 10.3390/s23156850.

Cited by

1
Sliding principal component and dynamic reward reinforcement learning based IIoT attack detection.
Sci Rep. 2023 Nov 27;13(1):20843. doi: 10.1038/s41598-023-46746-0.
