Flow Correlation Degree Optimization Driven Random Forest for Detecting DDoS Attacks in Cloud Computing

Jieren Cheng, Mengyang Li, Xiangyan Tang, Victor S. Sheng, Yifu Liu, Wei Guo

Research output: Contribution to journalArticlepeer-review

21 Scopus citations

Abstract

Distributed denial-of-service (DDoS) has caused major damage to cloud computing, and the false- and missing-alarm rates of existing DDoS attack-detection methods are relatively high in cloud environment. In this paper, we propose a DDoS attack-detection method with enhanced random forest (RF) optimized by genetic algorithm based on flow correlation degree (FCD) feature. We define the FCD feature according to the asymmetric and semidirectivity interaction characteristics and use the two-tuples FCD feature consisting of packet-statistical degree (PSD) and semidirectivity interaction abnormality (SDIA) to describe the features of attack flow and normal flow. Then we use a genetic algorithm based on the FCD feature sequences to optimize two key parameters of the decision tree in the RF: the maximum number of decision trees and the maximum depth of every single decision tree. We apply the trained RF model with optimized parameters to generate the classifier to be used for DDoS attack-detection. The experiment shows that the proposed method can effectively detect DDoS attacks in cloud environment with a higher accuracy rate and lower false- and missing-alarm rates compared to existing DDoS attack-detection methods.

Original languageEnglish
Article number6459326
JournalSecurity and Communication Networks
Volume2018
DOIs
StatePublished - 2018

Fingerprint

Dive into the research topics of 'Flow Correlation Degree Optimization Driven Random Forest for Detecting DDoS Attacks in Cloud Computing'. Together they form a unique fingerprint.

Cite this