A generalized machine learning-based model for the detection of DDoS attacks
International Journal of Network Management ( IF 1.5 ) Pub Date : 2020-12-28 , DOI: 10.1002/nem.2152
Murk Marvi 1 , Asad Arfeen 1 , Riaz Uddin 2

As time is progressing, the number and the complexity of methods adopted for launching distributed denial of service (DDoS) attacks are changing. Therefore, we propose a methodology for the development of a generalized machine learning (ML)-based model for the detection of DDoS attacks. After exploring various attributes of the dataset chosen for this study, we propose an integrated feature selection (IFS) method which consists of three stages and integrates two different methods, that is, filter and embedded methods, to select features which highly contribute to the detection of various types of DDoS attacks. We use the light gradient boosting machine (LGBM) algorithm for training of the model for classification of benign and malicious flows. To ensure satisfactory performance and generalized behavior of the developed model, we test it by passing records of unseen DDoS attack types. Several performance metrics are employed for the evaluation of the model. By comparing the performance of the developed model against state-of-the-art models, we state an improvement of around 20% for almost all the reported metrics. We also show that the performance of the model improves if the feature space is reduced by 77%. Furthermore, the generalized behavior of the developed model is justified by demonstrating a trade-off between high variance and high bias ML models.

Updated: 2020-12-28