Jieren Cheng^{1, 2}, Canting Cai^{1, *}, Xiangyan Tang¹, Victor S. Sheng³, Wei Guo¹, Mengyang Li¹

CMC-Computers, Materials & Continua, Vol.63, No.1, pp. 131-150, 2020, DOI:10.32604/cmc.2020.06175

Abstract Traditional distributed denial of service (DDoS) detection methods need a lot of computing resource, and many of them which are based on single element have high missing rate and false alarm rate. In order to solve the problems, this paper proposes a DDoS attack information fusion method based on CNN for multi-element data. Firstly, according to the distribution, concentration and high traffic abruptness of DDoS attacks, this paper defines six features which are respectively obtained from the elements of source IP address, destination IP address, source port, destination port, packet size and the number of IP packets. Then, we propose… More >

Jieren Cheng^{1, 2}, Junqi Li^{2, *}, Xiangyan Tang², Victor S. Sheng³, Chen Zhang², Mengyang Li²

CMC-Computers, Materials & Continua, Vol.62, No.3, pp. 1423-1443, 2020, DOI:10.32604/cmc.2020.06176

Abstract Distributed Denial of Service (DDoS) attack has become one of the most destructive network attacks which can pose a mortal threat to Internet security. Existing detection methods cannot effectively detect early attacks. In this paper, we propose a detection method of DDoS attacks based on generalized multiple kernel learning (GMKL) combining with the constructed parameter R. The super-fusion feature value (SFV) and comprehensive degree of feature (CDF) are defined to describe the characteristic of attack flow and normal flow. A method for calculating R based on SFV and CDF is proposed to select the combination of kernel function and regularization… More >

Jieren Cheng^{1, 2}, Yifu Liu^{1, *}, Xiangyan Tang¹, Victor S. Sheng³, Mengyang Li¹, Junqi Li¹

CMC-Computers, Materials & Continua, Vol.62, No.3, pp. 1317-1333, 2020, DOI:10.32604/cmc.2020.06177

Abstract Distributed Denial-of-Service (DDoS) has caused great damage to the network in the big data environment. Existing methods are characterized by low computational efficiency, high false alarm rate and high false alarm rate. In this paper, we propose a DDoS attack detection method based on network flow grayscale matrix feature via multiscale convolutional neural network (CNN). According to the different characteristics of the attack flow and the normal flow in the IP protocol, the seven-tuple is defined to describe the network flow characteristics and converted into a grayscale feature by binary. Based on the network flow grayscale matrix feature (GMF), the… More >

Chen Zhang¹, Jieren Cheng^1,2,3,*, Xiangyan Tang¹, Victor S. Sheng⁴, Zhe Dong¹, Junqi Li¹

CMC-Computers, Materials & Continua, Vol.61, No.2, pp. 657-675, 2019, DOI:10.32604/cmc.2019.06207

Abstract Distributed denial of service (DDoS) attacks launch more and more frequently and are more destructive. Feature representation as an important part of DDoS defense technology directly affects the efficiency of defense. Most DDoS feature extraction methods cannot fully utilize the information of the original data, resulting in the extracted features losing useful features. In this paper, a DDoS feature representation method based on deep belief network (DBN) is proposed. We quantify the original data by the size of the network flows, the distribution of IP addresses and ports, and the diversity of packet sizes of different protocols and train the… More >

Xiangyan Tang¹, Qidong Zheng^1,*, Jieren Cheng^1,2, Victor S. Sheng³, Rui Cao¹, Meizhu Chen¹

CMC-Computers, Materials & Continua, Vol.60, No.3, pp. 1263-1281, 2019, DOI:10.32604/cmc.2019.06173

Abstract The existing network security situation assessment methods cannot effectively assess the Distributed denial-of-service (DDoS) attack situation. In order to solve these problems, we propose a DDoS attack situation assessment method via optimized cloud model based on influence function. Firstly, according to the state change characteristics of the IP addresses which are accessed by new and old user respectively, this paper defines a fusion feature value. Then, based on this value, we establish a V-Support Vector Machines (V-SVM) classification model to analyze network flow for identifying DDoS attacks. Secondly, according to the change of new and old IP addresses, we propose… More >

Jieren Cheng^1,2, Ruomeng Xu^1,*, Xiangyan Tang¹, Victor S. Sheng³, Canting Cai¹

CMC-Computers, Materials & Continua, Vol.55, No.1, pp. 95-119, 2018, DOI:10.3970/cmc.2018.055.095

Abstract Distributed denial-of-service (DDoS) is a rapidly growing problem with the fast development of the Internet. There are multitude DDoS detection approaches, however, three major problems about DDoS attack detection appear in the big data environment. Firstly, to shorten the respond time of the DDoS attack detector; secondly, to reduce the required compute resources; lastly, to achieve a high detection rate with low false alarm rate. In the paper, we propose an abnormal network flow feature sequence prediction approach which could fit to be used as a DDoS attack detector in the big data environment and solve aforementioned problems. We define… More >