An augmented K-means clustering approach for the detection of distributed denial-of-service attacks
International Journal of Network Management (IF 1.5), Pub Date: 2021-04-14, DOI: 10.1002/nem.2160
Murk Marvi, Asad Arfeen, Riaz Uddin

The problem of distributed denial-of-service (DDoS) attack detection remains challenging due to new and innovative methods developed by attackers to evade the deployed security systems. In this work, we devise an unsupervised machine learning (ML)-based approach for the detection of different types of DDoS attacks by augmenting the performance of the K-means clustering algorithm with the aid of a hybrid method for feature selection and extraction. By sequentially combining an integrated feature selection (IFS) algorithm and a deep autoencoder (DAE), we develop the hybrid method for extracting encoded features, which can better separate the clusters of benign and malicious network flows. We formulate the problem of DDoS attack detection as a binary clustering of network flows. Although K-means clustering is the simplest and widely used algorithm, we investigate its performance for DDoS attack detection before and after applying the proposed hybrid method for feature selection and extraction. Our results show that after employing the proposed hybrid method, the performance of the K-means clustering model improves, and it is comparable to the state-of-the-art supervised ML and deep learning (DL)-based methods developed for DDoS attack detection.

Updated: 2021-04-14