To address the low detection accuracy and high false-positive rate (FPR) of traditional DDoS attack detection methods, a method based on conditional random fields (CRF) is introduced. The CRF-based model can make full use of multi-feature fusion and does not require the features to be strictly independent. The concept of IP flow quintuple entropy, named IPE, is put forward as the multi-feature detection vector; it comprises the quintuple entropy of the packet headers. Our experiments revealed that the multi-feature vector IPE works well and that the CRF-based detection method outperforms other machine learning (ML) methods such as k-nearest neighbor (KNN), support vector machine (SVM), etc. On the DARPA 2000 dataset, the value of IPE jumps markedly when DDoS attacks occur. At the same time, the CRF-based method has better detection performance (more than 90%) and a lower FPR (less than 3%), as well as strong resistance to background noise and good robustness on the TFN2K attack dataset.
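The IPE feature described in the abstract, as an added Python example that is not the paper's code: it assumes Shannon entropy computed over fixed-size packet windows (the abstract specifies neither), runs on constructed traffic, and stops at feature extraction without the CRF classifier.

```python
import math
import random
from collections import Counter

# The five header fields of an IP flow (the "quintuple").
FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto")

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return sum((c / total) * math.log2(total / c) for c in counts.values())

def ipe_vector(packets):
    """One entropy per quintuple field for a single window of packets."""
    return tuple(shannon_entropy([p[f] for p in packets]) for f in FIELDS)

def ipe_series(packets, window):
    """IPE vector for each full window; the window size is an assumption."""
    return [ipe_vector(packets[i:i + window])
            for i in range(0, len(packets) - window + 1, window)]

def constructed_trace(seed=7, window=200):
    """Constructed sample: two normal windows, then one dominated by a flood."""
    rng = random.Random(seed)
    clients = [f"10.0.0.{i}" for i in range(1, 21)]
    servers = [f"192.0.2.{i}" for i in range(1, 6)]

    def normal():
        return {"src_ip": rng.choice(clients), "dst_ip": rng.choice(servers),
                "src_port": rng.randint(1024, 65535),
                "dst_port": rng.choice([80, 443, 53]),
                "proto": rng.choice(["tcp", "tcp", "udp"])}

    def flood():
        # Randomised source addresses, one destination and one service.
        src = ".".join(str(rng.randint(1, 254)) for _ in range(4))
        return {"src_ip": src, "dst_ip": "192.0.2.1",
                "src_port": rng.randint(1024, 65535),
                "dst_port": 80, "proto": "tcp"}

    trace = [normal() for _ in range(2 * window)]
    # Attack window: 90% flood packets mixed with 10% background traffic.
    trace += [flood() if rng.random() < 0.9 else normal() for _ in range(window)]
    return trace

if __name__ == "__main__":
    for n, vec in enumerate(ipe_series(constructed_trace(), 200)):
        print(n, " ".join(f"{f}={h:.2f}" for f, h in zip(FIELDS, vec)))
```

In the constructed attack window the source-address entropy rises while the destination-address, destination-port and protocol entropies fall, which is the kind of jump a sequence model would take as input.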
CITATION STYLE
Wang, Y., Jiang, H., Liu, Z., & Chen, S. (2015). A CRF-based method for DDoS attack detection. In Lecture Notes in Electrical Engineering (Vol. 355, pp. 81–87). Springer Verlag. https://doi.org/10.1007/978-3-319-11104-9_10