Efficient Based on Improved Random Forest Defense System Against Application-Layer DDoS Attacks

IF 5 2区 计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
Junjiang He, Wenbo Fang, Xiaolong Lan, Geying Yang, Ziyu Chen, Yang Chen, Tao Li, Jiangchuan Chen
{"title":"Efficient Based on Improved Random Forest Defense System Against Application-Layer DDoS Attacks","authors":"Junjiang He,&nbsp;Wenbo Fang,&nbsp;Xiaolong Lan,&nbsp;Geying Yang,&nbsp;Ziyu Chen,&nbsp;Yang Chen,&nbsp;Tao Li,&nbsp;Jiangchuan Chen","doi":"10.1155/2024/9044391","DOIUrl":null,"url":null,"abstract":"<div>\n <p>Application-layer distributed denial of service (DDoS) attacks have become the main threat to Web server security. Because application-layer DDoS attacks have strong concealability and high authenticity, intrusion detection technologies that rely solely on judging client authenticity cannot accurately detect such attacks. In addition, application-layer DDoS attacks are periodic and repetitive, and attack targets suddenly in a short period. In this study, we propose an efficient application-layer DDoS detection system based on improved random forest. Firstly, the Web logs are preprocessed to extract the user session characteristics. Subsequently, we propose a Session Identification based on Separation and Aggregation (SISA) method to accurately capture user sessions. Lastly, we propose an improved random forest classification algorithm based on feature weighting to address the issue of an increasing number of features leading to prolonged calculation times in the random forest algorithm, and as the feature dimension increases, there might be instances where no subfeature is related to the category to be classified. More importantly, we compare the request source IP with the malicious IP in the threat intelligence library to deal with the periodicity and repetition of application-layer DDoS attacks. We conducted a comprehensive experiment on the publicly available Web log dataset and the threat intelligence database of the laboratory as well as the simulated generated attack log dataset in the laboratory environment. The experimental results show that the proposed detection system can control the false alarm rate and false alarm rate within a reasonable range, improving the detection efficiency further, the detection rate is 99.85%. In secondary attack detection experiments, our proposed detection method achieves a higher detection rate in a shorter time.</p>\n </div>","PeriodicalId":14089,"journal":{"name":"International Journal of Intelligent Systems","volume":"2024 1","pages":""},"PeriodicalIF":5.0000,"publicationDate":"2024-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1155/2024/9044391","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Intelligent Systems","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1155/2024/9044391","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
引用次数: 0

Abstract

Application-layer distributed denial of service (DDoS) attacks have become the main threat to Web server security. Because application-layer DDoS attacks have strong concealability and high authenticity, intrusion detection technologies that rely solely on judging client authenticity cannot accurately detect such attacks. In addition, application-layer DDoS attacks are periodic and repetitive, and attack targets suddenly in a short period. In this study, we propose an efficient application-layer DDoS detection system based on improved random forest. Firstly, the Web logs are preprocessed to extract the user session characteristics. Subsequently, we propose a Session Identification based on Separation and Aggregation (SISA) method to accurately capture user sessions. Lastly, we propose an improved random forest classification algorithm based on feature weighting to address the issue of an increasing number of features leading to prolonged calculation times in the random forest algorithm, and as the feature dimension increases, there might be instances where no subfeature is related to the category to be classified. More importantly, we compare the request source IP with the malicious IP in the threat intelligence library to deal with the periodicity and repetition of application-layer DDoS attacks. We conducted a comprehensive experiment on the publicly available Web log dataset and the threat intelligence database of the laboratory as well as the simulated generated attack log dataset in the laboratory environment. The experimental results show that the proposed detection system can control the false alarm rate and false alarm rate within a reasonable range, improving the detection efficiency further, the detection rate is 99.85%. In secondary attack detection experiments, our proposed detection method achieves a higher detection rate in a shorter time.

Abstract Image

基于改进型随机森林的高效防御系统可抵御应用层 DDoS 攻击
应用层分布式拒绝服务(DDoS)攻击已成为网络服务器安全的主要威胁。由于应用层 DDoS 攻击具有较强的隐蔽性和较高的真实性,单纯依靠判断客户端真实性的入侵检测技术无法准确检测出此类攻击。此外,应用层 DDoS 攻击具有周期性和重复性的特点,攻击目标会在短时间内突然出现。在本研究中,我们提出了一种基于改进随机森林的高效应用层 DDoS 检测系统。首先,对网络日志进行预处理,提取用户会话特征。随后,我们提出了基于分离和聚合的会话识别(SISA)方法,以准确捕捉用户会话。最后,我们提出了一种基于特征加权的改进型随机森林分类算法,以解决特征数量增加导致随机森林算法计算时间延长的问题,而且随着特征维度的增加,可能会出现没有子特征与待分类类别相关的情况。更重要的是,我们将请求源 IP 与威胁情报库中的恶意 IP 进行比较,以应对应用层 DDoS 攻击的周期性和重复性。我们对公开的网络日志数据集和实验室的威胁情报数据库以及在实验室环境中模拟生成的攻击日志数据集进行了综合实验。实验结果表明,所提出的检测系统能将误报率和误报率控制在合理范围内,进一步提高了检测效率,检测率达到 99.85%。在二次攻击检测实验中,我们提出的检测方法在更短的时间内实现了更高的检测率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
International Journal of Intelligent Systems
International Journal of Intelligent Systems 工程技术-计算机:人工智能
CiteScore
11.30
自引率
14.30%
发文量
304
审稿时长
9 months
期刊介绍: The International Journal of Intelligent Systems serves as a forum for individuals interested in tapping into the vast theories based on intelligent systems construction. With its peer-reviewed format, the journal explores several fascinating editorials written by today''s experts in the field. Because new developments are being introduced each day, there''s much to be learned — examination, analysis creation, information retrieval, man–computer interactions, and more. The International Journal of Intelligent Systems uses charts and illustrations to demonstrate these ground-breaking issues, and encourages readers to share their thoughts and experiences.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信