TY - JOUR
T1 - DDoS attack detection via multi-scale convolutional neural network
AU - Cheng, Jieren
AU - Liu, Yifu
AU - Tang, Xiangyan
AU - Sheng, Victor S.
AU - Li, Mengyang
AU - Li, Junqi
N1 - Funding Information:
Acknowledgement: This work was supported by the Hainan Provincial Natural Science Foundation of China [2018CXTD333, 617048]; National Natural Science Foundation of China [61762033, 61702539]; Hainan University Doctor Start Fund Project [kyqd1328]; Hainan University Youth Fund Project [qnjj1444].
Publisher Copyright:
© 2020 Tech Science Press. All rights reserved.
PY - 2020
Y1 - 2020
N2 - Distributed Denial-of-Service (DDoS) has caused great damage to the network in the big data environment. Existing methods are characterized by low computational efficiency, high false alarm rate and high false alarm rate. In this paper, we propose a DDoS attack detection method based on network flow grayscale matrix feature via multi-scale convolutional neural network (CNN). According to the different characteristics of the attack flow and the normal flow in the IP protocol, the seven-tuple is defined to describe the network flow characteristics and converted into a grayscale feature by binary. Based on the network flow grayscale matrix feature (GMF), the convolution kernel of different spatial scales is used to improve the accuracy of feature segmentation, global features and local features of the network flow are extracted. A DDoS attack classifier based on multi-scale convolution neural network is constructed. Experiments show that compared with correlation methods, this method can improve the robustness of the classifier, reduce the false alarm rate and the missing alarm rate.
AB - Distributed Denial-of-Service (DDoS) has caused great damage to the network in the big data environment. Existing methods are characterized by low computational efficiency, high false alarm rate and high false alarm rate. In this paper, we propose a DDoS attack detection method based on network flow grayscale matrix feature via multi-scale convolutional neural network (CNN). According to the different characteristics of the attack flow and the normal flow in the IP protocol, the seven-tuple is defined to describe the network flow characteristics and converted into a grayscale feature by binary. Based on the network flow grayscale matrix feature (GMF), the convolution kernel of different spatial scales is used to improve the accuracy of feature segmentation, global features and local features of the network flow are extracted. A DDoS attack classifier based on multi-scale convolution neural network is constructed. Experiments show that compared with correlation methods, this method can improve the robustness of the classifier, reduce the false alarm rate and the missing alarm rate.
KW - Convolutional neural network
KW - DDoS attack detection
KW - Network flow feature extraction
UR - http://www.scopus.com/inward/record.url?scp=85082302527&partnerID=8YFLogxK
U2 - 10.32604/cmc.2020.06177
DO - 10.32604/cmc.2020.06177
M3 - Article
AN - SCOPUS:85082302527
SN - 1546-2218
VL - 62
SP - 1317
EP - 1333
JO - Computers, Materials and Continua
JF - Computers, Materials and Continua
IS - 3
ER -