Adaptive DDoS Attack Detection Method Based on Multiple-Kernel Learning

الملخص EN

Distributed denial of service (DDoS) attacks has caused huge economic losses to society.

They have become one of the main threats to Internet security.

Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environment.

In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed.

Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristic.

Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL).

The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack.

The experimental results indicate that this method can detect DDoS attacks early and accurately.