Detecting Flooding DDoS Under Flash Crowds Based on Mondrian Forest
WIRELESS ALGORITHMS, SYSTEMS, AND APPLICATIONS, WASA 2017 (2017)
Abstract
Flooding Distributed Denial of Service (DDoS) attacks can cause huge damage to the Internet, and they closely resemble Flash Crowds (FC). Traditional machine learning methods usually perform better in offline processing; however, they cannot process huge volumes of data that cannot be loaded into memory at one time, and they cannot update the model automatically in time. In this paper, a streaming detection mechanism based on an online random forest, Mondrian Forest, is proposed to solve this problem. First, the client characteristics of DDoS and FC are analyzed in depth to find anomalous traffic behaviors at the network layer. Based on this analysis, a new feature set is derived to describe the client behavior of DDoS and FC. Then a streaming detection mechanism that employs an online random forest on the new feature set is proposed. To evaluate this method, it is compared with the traditional offline batch-processing method, Random Forest, on two public real-world datasets. The results show that, even though this method has a slightly lower accuracy of around 93% on the test data, it can be trained in a streaming fashion that does not need to load all data into memory at one time and can update itself automatically over time, which makes it more applicable to Big Data situations.
Keywords
Flooding DDoS, Flash crowds, Real-time Detection, Online random forest, User behavior analysis