基于RLT特征的DDoS攻击检测

2007 International Conference on Computational Intelligence and Security (CIS 2007) Pub Date : 2007-12-15 DOI:10.1109/CIS.2007.56

Tu Xu, Dake He, Yu Luo

{"title":"基于RLT特征的DDoS攻击检测","authors":"Tu Xu, Dake He, Yu Luo","doi":"10.1109/CIS.2007.56","DOIUrl":null,"url":null,"abstract":"To use SVM to detect DDoS precisely, the features vector that can distinguish normal stream from attack stream is required. According to the characters of DDoS, a group of relative values features (RLT features) are proposed. For indicating the existence and intensity of DDoS attack simultaneously, multi-class SVM (MCSVM) is introduced to DDoS detection. As shown in the emulation experiments, our method can detect various DDoS attacks effectively and indicate the attack intensity. The detection result is better than other present detection measures. Because RLT features include more attack information than the detection measures using single attack character, a better detection result is available.","PeriodicalId":127238,"journal":{"name":"2007 International Conference on Computational Intelligence and Security (CIS 2007)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"DDoS Attack Detection Based on RLT Features\",\"authors\":\"Tu Xu, Dake He, Yu Luo\",\"doi\":\"10.1109/CIS.2007.56\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To use SVM to detect DDoS precisely, the features vector that can distinguish normal stream from attack stream is required. According to the characters of DDoS, a group of relative values features (RLT features) are proposed. For indicating the existence and intensity of DDoS attack simultaneously, multi-class SVM (MCSVM) is introduced to DDoS detection. As shown in the emulation experiments, our method can detect various DDoS attacks effectively and indicate the attack intensity. The detection result is better than other present detection measures. Because RLT features include more attack information than the detection measures using single attack character, a better detection result is available.\",\"PeriodicalId\":127238,\"journal\":{\"name\":\"2007 International Conference on Computational Intelligence and Security (CIS 2007)\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-12-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 International Conference on Computational Intelligence and Security (CIS 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CIS.2007.56\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 International Conference on Computational Intelligence and Security (CIS 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIS.2007.56","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

摘要

为了准确地使用SVM检测DDoS，需要能够区分正常流和攻击流的特征向量。针对DDoS攻击的特点，提出了一组相对值特征(RLT特征)。为了同时显示DDoS攻击的存在性和强度，将多类支持向量机(MCSVM)引入到DDoS检测中。仿真实验表明，该方法能够有效检测各种DDoS攻击并指出攻击强度。检测结果优于现有的其他检测方法。由于RLT特征比使用单个攻击特征的检测方法包含更多的攻击信息，因此可以获得更好的检测结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

DDoS Attack Detection Based on RLT Features

To use SVM to detect DDoS precisely, the features vector that can distinguish normal stream from attack stream is required. According to the characters of DDoS, a group of relative values features (RLT features) are proposed. For indicating the existence and intensity of DDoS attack simultaneously, multi-class SVM (MCSVM) is introduced to DDoS detection. As shown in the emulation experiments, our method can detect various DDoS attacks effectively and indicate the attack intensity. The detection result is better than other present detection measures. Because RLT features include more attack information than the detection measures using single attack character, a better detection result is available.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2007 International Conference on Computational Intelligence and Security (CIS 2007)

自引率

0.00%

发文量