DDoS Attack Security Situation Assessment Model Using Fusion Feature Based on Fuzzy C-Means Clustering Algorithm

Zhang, Ruizhi; Cheng, Jieren; Tang, Xiangyan; Liu, Qiang; He, Xijing

doi:10.1007/978-3-030-00009-7_59

Cited by 10 publications

(8 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that traditional network situation assessment methods cannot effectively assess the security situation of distributed denial of service (DDoS) attacks. Zhang et al 14 proposed a DDoS attack security situation assessment model based on the fusion features of fuzzy clustering algorithms. Their model can reasonably and effectively evaluate the security status of DDoS attacks.…”

Section: Related Workmentioning

confidence: 99%

An efficient method for network security situation assessment

Tao

Kong

Zhao

et al. 2020

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

Network security situational assessment, the core task of network security situational awareness, can obtain security situation by comprehensively analyzing various factors that affect network status. Thus, network security situational assessment can provide accurate security state evaluation and security trend prediction for users. Although plenty of network security situational assessment methods have been proposed, there are still many problems to solve. First, because of high dimensionality of input data, computational complexity in model construction could be very high. Moreover, most of the existing schemes trade computational overhead for accuracy. Second, due to the lack of centralized standard, the weights of indicators are usually determined empirically or by subjective opinions of domain expert. To solve the above problems, we propose a novel network security situation assessment method based on stack autoencoding network and back propagation neural network. In stack autoencoding network and back propagation neural network, to reduce the data storage overhead and improve computational efficiency, we use stack autoencoding network to reduce the dimensions of the indicator data. And the low-dimensional data output by hidden layer of stack autoencoding network will be the input data of the error back propagation neural network. Then, the back propagation neural network algorithm is adopted to perform network security situation assessment. Finally, extensive experiments are conducted to verify the effectiveness of the proposed method.

show abstract

Section: Related Workmentioning

confidence: 99%

An efficient method for network security situation assessment

Tao

Kong

Zhao

et al. 2020

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

show abstract

Section: Related Workmentioning

confidence: 99%

“…Also, Jieren C. proposed an DDoS detection method for socially aware networking [15] and a method using flow correlation degree [16]. Ruizhi Z. presented a DDoS attack security situation assessment model [17] that formed the basic evaluation solution to the attacks.Security detection is an important tool that can strengthen the security of information and communication in networks [18][19][20][21][22]. The purpose of security detection is detecting the attacks with high efficiency, high reliability, and low cost, by implementing corresponding detection mechanisms.…”

mentioning

confidence: 99%

A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

Cheng

Wang

et al. 2019

Symmetry

Self Cite

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) has developed multiple variants, one of which is Distributed Reflective Denial of Service (DRDoS). With the increasing number of Internet of Things (IoT) devices, the threat of DRDoS attack is growing, and the damage of a DRDoS attack is more destructive than other types. The existing DDoS detection methods cannot be generalized in DRDoS early detection, which leads to heavy load or degradation of service when deployed at the final point. In this paper, we propose a DRDoS detection and defense method based on deep forest model (DDDF), and then we integrate differentiated service into defense model to filter out DRDoS attack flow. Firstly, from the statistics perspective on different stages of DRDoS attack flow in the big data environment, we extract a host-based DRDoS threat index (HDTI) from the network flows. Secondly, using the HDTI feature we build a DRDoS detection and defense model based on the deep forest, which consists of 1 extreme gradient boost (XGBoost) forest estimator, 2 random forest estimators, and 2 extra random forest estimators in each layer. Lastly, the differentiated service procedure applies the detection result from DDDF to drop the traffic identified in different stages and different detection points. Theoretical analysis and experiments show that the method we proposed can effectively identify DRDoS attack with higher detection rate and a lower false alarm rate, the defense model also shows distinguishing ability to effectively eliminate the DRDoS attack flows, and dramatically mitigate the damage of a DRDoS attack.Symmetry 2019, 11, 78 2 of 22 access requests, and the internal server or devices reflecting more packets, the DRDoS attack brings the danger of congestion effectively, and the high accessibility of conducting such attacks is achieved due to the easy-use tools and relatively low cost.In 26 September 2016, and 21 October 2016, the network in the United States was also attacked by DRDoS, the attackers unitized tens of millions of webcams and digital video recorders (DVR), sending packets to the Internet service provider (ISP), causing over 1200 websites, including Twitter, Amazon, Reddit, and Netflix to be inaccessible for millions of Internet users. Moreover, the DRDoS attacks witnessed this year have the trend to be more dedicated and sophisticated with higher diversities, as a consequence, a swift, smart and solid cyber-attack detection mechanism is needed for security control for the increasingly vulnerable network.The rest of the paper is organized as follows. Related work is discussed in Section 2. In Section 3, we analyze the feature of general type DRDoS attack as the base theorem for the method we proposed in Section 4, where we will introduce the algorithm of the DRDoS detection method and characterized each part of it. We will then introduce the deep forest model for classification and apply differentiated service in the defense method. And we define differentiated service as a procedure that implements a simple and scalable mechani...

show abstract

“…Li et al [Li and Zhao (2016)] proposed a method to obtain observations value through sliding time window, then through Multiple Population Genetic Algorithm (MPGA) for obtaining HMM parameters, thus improved the reliability of parameters. Zhang et al [Zhang, Cheng, Tang et al (2018)] proposed one algorithm to evaluate situation of DDoS, which improved Fuzzy C-means clustering algorithm. Sara et al [Sara, Jose and Skarmeta (2018)] to solve problems of large-scale Internet of Things deployment, proposed a security certification method which was designed for IoT,this method could evaluate the security grade of a device automatically.…”

Section: Related Workmentioning

confidence: 99%

A DDoS Attack Situation Assessment Method via Optimized Cloud Model Based on Influence Function

Tang¹,

Zheng²,

Cheng³

et al. 2019

Computers, Materials &Amp; Continua

Self Cite

View full text Add to dashboard Cite

The existing network security situation assessment methods cannot effectively assess the Distributed denial-of-service (DDoS) attack situation. In order to solve these problems, we propose a DDoS attack situation assessment method via optimized cloud model based on influence function. Firstly, according to the state change characteristics of the IP addresses which are accessed by new and old user respectively, this paper defines a fusion feature value. Then, based on this value, we establish a V-Support Vector Machines (V-SVM) classification model to analyze network flow for identifying DDoS attacks. Secondly, according to the change of new and old IP addresses, we propose three evaluation indexes. Furthermore, we propose index weight calculation algorithm to measure the importance of different indexes. According to the fusion index, which is optimized by the weighted algorithm, we define the Risk Degree (RD) and calculate the RD value of each network node. Then we obtain the situation information of the whole network according to the RD values, which are from each network nodes with different weights. Finally, the whole situation information is classified via cloud model to quantitatively assess the DDoS attack situation. The experimental results show that our method can not only improve the detection rate and reduce the missing rate of DDoS attacks, but also access the DDoS attack situation effectively. This method is more accurate and flexible than the existing methods.

show abstract

DDoS Attack Security Situation Assessment Model Using Fusion Feature Based on Fuzzy C-Means Clustering Algorithm

Cited by 10 publications

References 16 publications

An efficient method for network security situation assessment

An efficient method for network security situation assessment

A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

A DDoS Attack Situation Assessment Method via Optimized Cloud Model Based on Influence Function

Contact Info

Product

Resources

About