A Novel DDoS Attack Detection Method Using Optimized Generalized Multiple Kernel Learning
Distributed Denial of Service (DDoS) attack has become one of the most de-structive network attacks which can pose a mortal threat to Internet security. Because of the large scale of network stream data and heterogeneous characteristics of DDoS attacks, many existing detection methods for early attack can’t have good detection performance. In this paper, a detection method of DDoS attacks based on generalized multiple kernel learning (GMKL) applying R parameter is proposed, which can detect DDoS attacks in complex environments such as early attacks, impulse attacks and intermittent attacks. In addition, in order to solve the influence of the selection of kernel function and regularization paradigm on detection accuracy, R parameter is defined to optimize GMKL method. Firstly, based on statistics, two features are extracted from network flows, namely, super-fusion feature value (SFV) and comprehensive degree of feature (CDF). Secondly, using these two eigenvalues, R parameter is defined to select the combination of kernel function and regularization paradigm. Finally, on the basis of the original data set, three kinds of attacks are simulated: early attack, impulse attack and intermittent attack, and DDOS attacks are identified by using R-GMKL model. The experimental results show that, compared with the simple multiple kernel learning (SMKL) and support vector machine (SVM) algorithms, the proposed algorithm has higher detection rate and lower total error rate in various simulated complex environments. Furthermore, the R-based parameter selection method provides an effective measure of the synergy between the kernel function and the regularization paradigm.
Articles published by TSP are under an Open Access license, which means all articles published by TSP are accessible online free of charge and as free of technical and legal barriers to everyone. Published materials can be re-used if properly acknowledged and cited Open Access publication is supported by the authors' institutes or research funding agencies by payment of a comparatively low Article Processing Charge (APC) for accepted articles.