GAO Yuchen, ZHANG Xinyou, FENG Li. A DDoS Attack Detection Method based on CNN-BiLSTM-SA[J]. Journal of Chengdu University of Information Technology, 2025, 40(04): 415-421. [doi:10.16836/j.cnki.jcuit.2025.04.001]
A DDoS Attack Detection Method based on CNN-BiLSTM-SA
- Article ID:
- 2096-1618(2025)04-0415-07
- Keywords:
- network security; distributed denial of service attack; CNN-BiLSTM; self-attention mechanism
- CLC number:
- TP393.08
- Document code:
- A
- Abstract:
- To address the problems of traditional DDoS attack detection, such as low accuracy, high false positive rates, and the difficulty of detecting low-rate attack traffic, a DDoS detection method is proposed that uses a hybrid network model combining a Convolutional Neural Network (CNN) stacked with a Bidirectional Long Short-Term Memory network (BiLSTM) and self-attention (CNN-BiLSTM-SA). The CNN and BiLSTM extract the spatial and temporal features of network intrusion data, while the self-attention mechanism assigns weights to the traffic features learned by the BiLSTM. Finally, the data is classified using softmax regression. To simulate a real network environment, a series of ablation experiments were conducted on the merged dataset Mix-DDoS, and the performance of the proposed scheme was evaluated against other improved models. The experimental results show that the proposed scheme achieves an accuracy of 99.45% in detecting DDoS attacks, providing a reliable basis for accurately identifying DDoS attacks and taking further preventive measures.
Memo
Received: 2024-10-30
Funding: National Natural Science Foundation of China (62172342)
Corresponding author: ZHANG Xinyou. E-mail: xyzhang@swjtu.edu.cn
