Abstract

Distributed denial of service (DDoS) attacks have caused huge economic losses to society and have become one of the main threats to Internet security. Most current detection methods, which rely on a single feature and fixed model parameters, cannot effectively detect early DDoS attacks in cloud and big data environments. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the characteristics of the network flow. Within an ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with gradient ascent and reducing the intraclass variance with gradient descent. The classifier that identifies an early DDoS attack is established by training simple multiple-kernel learning (SMKL) models with two characteristics: interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). A sliding window mechanism is used to coordinate the S-SMKL and M-SMKL models to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.

Highlights

  • In recent years, the security of computer networks, chips, virtual networks, and mobile devices has been of wide concern [1,2,3]

  • Considering that the multiple-kernel learning model has a low requirement for data stability, can be used for nonlinear fitting, and can flexibly handle both linear and nonlinear data, this paper proposes an adaptive distributed denial of service (DDoS) attack detection method based on the ensemble learning framework

  • This is because there are a large number of bidirectional flows in the early stage of the DDoS attack and these bidirectional flows gradually decrease with the increase of the attack degree


Summary

Introduction

The security of computer networks, chips, virtual networks, and mobile devices has been of wide concern [1,2,3]. DDoS is a traditional network attack method. It controls a large number of zombie machines that send a large number of invalid network request packets to a target host. DDoS attacks require only a large number of zombie machines and a small amount of network security knowledge to launch an effective attack. This easy-to-grasp network attack method makes the DDoS attack more powerful. As a new computing model, cloud computing has powerful distributed computing capabilities, massive storage capabilities, and diverse service capabilities [10, 11]. It has become an important means of solving big data problems [12]. Experiments show that our method can better distinguish DDoS attack flow from normal flow and can detect DDoS attacks earlier.

Related Work
DDoS Attack Feature Extraction
The DDoS Attack Detection Model
Experimental Analysis
Conclusion