A Novel DDoS Attack Detection Method Using Optimized Generalized Multiple Kernel Learning

  • Jieren Cheng
  • Junqi Li Hainan University
  • Xiangyan Tang
  • Victor S Sheng
  • Chen Zhang
  • Mengyang Li
Keywords: DDoS attack detection, GMKL, parameter optimization


Distributed Denial of Service (DDoS) attacks have become one of the most destructive kinds of network attack and pose a mortal threat to Internet security. Because of the large scale of network stream data and the heterogeneous characteristics of DDoS attacks, many existing methods for detecting early attacks do not achieve good detection performance. In this paper, a DDoS attack detection method based on generalized multiple kernel learning (GMKL) with an R parameter is proposed, which can detect DDoS attacks in complex environments such as early attacks, impulse attacks and intermittent attacks. In addition, to address the influence that the choice of kernel function and regularization paradigm has on detection accuracy, the R parameter is defined to optimize the GMKL method. Firstly, based on statistics, two features are extracted from network flows, namely the super-fusion feature value (SFV) and the comprehensive degree of feature (CDF). Secondly, using these two feature values, the R parameter is defined to select the combination of kernel function and regularization paradigm. Finally, on the basis of the original data set, three kinds of attacks are simulated (early attack, impulse attack and intermittent attack), and DDoS attacks are identified using the R-GMKL model. The experimental results show that, compared with the simple multiple kernel learning (SMKL) and support vector machine (SVM) algorithms, the proposed algorithm has a higher detection rate and a lower total error rate in the various simulated complex environments. Furthermore, the R-based parameter selection method provides an effective measure of the synergy between the kernel function and the regularization paradigm.

Articles on Computers