A DDoS attack situation assessment method via optimized cloud model based on influence function

The existing network security situation assessment methods cannot effectively assess the Distributed denial-of-service (DDoS) attack situation. In order to solve these problems, we propose a DDoS attack situation assessment method via optimized cloud model based on influence function. Firstly, according to the state change characteristics of the IP addresses which are accessed by new and old user respectively, this paper defines a fusion feature value. Then, based on this value, we establish a V-Support Vector Machines (V-SVM) classification model to analyze network flow for identifying DDoS attacks. Secondly, according to the change of new and old IP addresses, we propose three evaluation indexes. Furthermore, we propose index weight calculation algorithm to measure the importance of different indexes. According to the fusion index, which is optimized by the weighted algorithm, we define the Risk Degree (RD) and calculate the RD value of each network node. Then we obtain the situation information of the whole network according to the RD values, which are from each network nodes with different weights. Finally, the whole situation information is classified via cloud model to quantitatively assess the DDoS attack situation. The experimental results show that our method can not only improve the detection rate and reduce the missing rate of DDoS attacks, but also access the DDoS attack situation effectively. This method is more accurate and flexible than the existing methods.