Abstract
Distributed Denial of Service (DDoS) attacks have caused tremendous damage to networks in large data environments. The features extracted by existing feature extraction methods cannot accurately represent the characteristics of network flow, and they suffer from a high false alarm rate. This paper presents a multi-view DDoS attack network flow feature extraction method based on convolutional neural networks. According to the different characteristics of attack flow and normal flow in the TCP/IP protocol, the related attributes of network flow are transformed into binary matrices, and the IP address and port number are reorganized into dual-channel matrices. The multi-view perspective is then composed of the IP dual-channel matrix, the port number dual-channel matrix, the packet size grayscale matrix and the TCP flag grayscale matrix. According to the characteristics of each attribute, different convolutional neural network models are used to extract the local features of each view, and the extracted local features are fused to form quaternion features that describe the characteristics of network flow. We use MVNFF to train the model, and a distributed denial of service (DDoS) classifier based on multiple views is constructed. Experiments show that the features extracted by this method represent the characteristics of network traffic more accurately, improve the robustness of the classifier and reduce the false alarm rate.
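The four views named in the abstract can be illustrated with a small sketch. This is an added example, not the authors' code: the one-row-per-packet layout, the 32/16/8-bit widths, the 0/255 grayscale scaling, and the names `build_views`, `bits` and `shape` are all assumptions made here, and the sample packets are constructed.

```python
import ipaddress

# Constructed sample window: (src_ip, dst_ip, src_port, dst_port, size, tcp_flags)
SAMPLE_PACKETS = [
    ("198.51.100.7", "192.0.2.10", 40001, 80, 60, 0x02),    # SYN
    ("203.0.113.9", "192.0.2.10", 51515, 80, 60, 0x02),     # SYN
    ("192.0.2.10", "198.51.100.7", 80, 40001, 1500, 0x18),  # PSH+ACK
]

def bits(value, width):
    """Return `value` as a list of `width` bits, most significant first."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]

def build_views(packets):
    """Build four views for one window of packets (assumed: one row per packet)."""
    ip_src, ip_dst, port_src, port_dst, size, flags = [], [], [], [], [], []
    for src, dst, sport, dport, length, tcp_flags in packets:
        ip_src.append(bits(int(ipaddress.IPv4Address(src)), 32))
        ip_dst.append(bits(int(ipaddress.IPv4Address(dst)), 32))
        port_src.append(bits(sport, 16))
        port_dst.append(bits(dport, 16))
        # Grayscale rows: each bit scaled to a 0/255 pixel intensity (assumed).
        size.append([255 * b for b in bits(length & 0xFFFF, 16)])
        flags.append([255 * b for b in bits(tcp_flags & 0xFF, 8)])
    return {
        "ip": [ip_src, ip_dst],        # dual-channel: source, destination
        "port": [port_src, port_dst],  # dual-channel: source, destination
        "size": size,                  # single-channel grayscale
        "flags": flags,                # single-channel grayscale
    }

def shape(matrix):
    """Return the nested-list dimensions, e.g. (channels, rows, columns)."""
    dims = []
    while isinstance(matrix, list):
        dims.append(len(matrix))
        matrix = matrix[0]
    return tuple(dims)

if __name__ == "__main__":
    for name, view in build_views(SAMPLE_PACKETS).items():
        print(name, shape(view))
```

Each view would then be fed to its own convolutional model, with the per-view outputs fused into one feature vector, as the abstract describes.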
Acknowledgement
This work was supported by the Hainan Provincial Natural Science Foundation of China [2018CXTD333, 617048]; National Natural Science Foundation of China [61762033, 61702539]; Hainan University Doctor Start Fund Project [kyqd1328]; Hainan University Youth Fund Project [qnjj1444].
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Liu, Y., Cheng, J., Tang, X., Li, M., Xie, L. (2019). Multi-view DDoS Network Flow Feature Extraction Method via Convolutional Neural Network. In: Vaidya, J., Zhang, X., Li, J. (eds) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science, vol 11983. Springer, Cham. https://doi.org/10.1007/978-3-030-37352-8_3
DOI: https://doi.org/10.1007/978-3-030-37352-8_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37351-1
Online ISBN: 978-3-030-37352-8
eBook Packages: Computer Science, Computer Science (R0)