DDoS Attack Detection Model Parameter Update Method Based on EWC Algorithm

Bin ZHANG, Yitao ZHOU

Citation: Bin ZHANG, Yitao ZHOU. DDoS Attack Detection Model Parameter Update Method Based on EWC Algorithm[J]. Journal of Electronics & Information Technology, 2021, 43(10): 2928-2935. doi: 10.11999/JEIT200682


doi: 10.11999/JEIT200682
Details
    Author biographies:

    ZHANG Bin: male, born in 1969, professor and doctoral supervisor; research interest: information system security

    ZHOU Yitao: male, born in 1996, master's student; research interest: machine-learning-based DDoS attack detection

    Corresponding author:

    ZHOU Yitao, zyt1996715@163.com

  • CLC number: TN918.91; TP393


Funds: The Foundation and Frontier Technology Research Project of Henan Province (142300413201), The Open Fund Project of Information Assurance Technology Key Laboratory (KJ-15-109), The Research Project of Information Engineering University (2019f3303)
  • Abstract: The existing parameter update method (MLP-UD) for Multi-Layer Perceptron (MLP) based DDoS attack detection models tends to forget the knowledge of the DDoS attack dataset originally used to train the model parameters (the original dataset), and incurs large time and memory overheads. To address this, a parameter update method based on the Elastic Weight Consolidation (EWC) algorithm, EWC-UD, is proposed. First, the K-Means algorithm computes the cluster centres of the original dataset, which then serve as the samples for computing the Fisher information matrix; this improves sample uniformity and cluster coverage, greatly reduces the cost of the Fisher computation, and raises update efficiency. Second, based on the Fisher information matrix, a quadratic penalty term is added to the loss function during parameter updating, restricting changes to the important weights and biases of the MLP network; this improves detection accuracy on a new DDoS attack dataset while preserving detection performance on the original one. The correctness of EWC-UD is then proved from probability theory, and its time complexity is analysed. Experiments on the constructed test datasets show that, compared with the MLP-UD variant that trains only on the new DDoS attack dataset, EWC-UD improves detection accuracy by 37.05%; compared with the MLP-UD variant that trains on both the old and new DDoS attack datasets, it reduces time overhead by 80.65% and memory overhead by 33.18%.
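As a rough, numpy-only sketch of the sample-selection idea in the abstract (not the paper's implementation; `kmeans_centroids` and its farthest-point initialisation are illustrative choices, used here only to keep the example deterministic), the cluster centres of the original dataset can be computed with Lloyd's algorithm and then used as the Fisher-matrix samples:

```python
import numpy as np

def kmeans_centroids(X, k, n_iter=20):
    """Lloyd's algorithm: return k cluster centres of X (n_samples, n_features),
    which EWC-UD would use as Fisher-information computation samples."""
    X = np.asarray(X, dtype=float)
    # Farthest-point initialisation: deterministic and well spread out.
    centres = [X[0]]
    for _ in range(k - 1):
        d = np.min([np.linalg.norm(X - c, axis=1) for c in centres], axis=0)
        centres.append(X[d.argmax()])
    centres = np.array(centres)
    for _ in range(n_iter):
        # Assign each point to its nearest centre.
        d = np.linalg.norm(X[:, None, :] - centres[None, :, :], axis=2)
        labels = d.argmin(axis=1)
        # Move each centre to the mean of its assigned points.
        for j in range(k):
            pts = X[labels == j]
            if len(pts):
                centres[j] = pts.mean(axis=0)
    return centres
```

Because only the 30-odd centres (rather than the full original dataset) are pushed through the gradient computation, the Fisher estimate becomes far cheaper, which is the efficiency gain the abstract claims.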
  • Figure 1  EWC-UD model parameter update flow

    Figure 2  Illustration of random sampling and K-Means sample selection

    Figure 3  Fill plot of the mean and standard deviation of detection accuracy for different numbers of sampling points

    Figure 4  ROC curves of the parameter-update performance of each detection algorithm under Scenario 1 and Scenario 2

    Table 1  EWC-UD model parameter update algorithm

     Input: original dataset $D_A$, new dataset $D_B$
     Output: neural network parameters $\theta^*$
     1:  $y_t = \mathrm{label}(D_A)$ // get the dataset labels
     2:  $x = \mathrm{data}(D_A)$ // get the dataset features
     3:  if Train_Time = 1 then // first training
     4:    Var_list = $[W_1, b_1, W_2, b_2, W_3, b_3]$ // weight and bias parameters of the 3-layer MLP network
     5:    $N = \mathrm{len}(D_A)$ // length of the dataset
     6:    $y_p(x) = \mathrm{MLP}(x, \mathrm{Var\_list})$ // network prediction
     7:    $L(\theta) = \mathrm{CrossEntropy}(y_t, y_p) = -\sum\nolimits_x y_t(x)\cdot \lg(y_p(x))$ // set the loss function
     8:    Var_list = GradientDescent.minimize($L(\theta)$) // gradient-descent search for the optimal parameters
     9:    $\theta^*$ = Var_list
     10: else if Train_Time ≥ 2 then // model parameter update
     11:   Var_pre = Var_list // store the original model parameters
     12:   N_Sample = 30 // set the number of sampling points to 30
     13:   F = zeros(Var_pre) // initialise the Fisher information matrix
     14:   Sample_A = K_Means($D_A$, N_Sample) // obtain the sampling points with K-Means
     15:   for i in range(len(Sample_A)): // compute the Fisher information matrix F
     16:     ders = gradients(ln(Sample_A[i]), Var_pre) // gradient of the log-likelihood of sample i w.r.t. the stored parameters
     17:     for v in range(len(F)):
     18:       F[v] += square(ders[v])
     19:     end for
     20:   end for
     21:   F = F / N_Sample // average over the sampling points
     22: end if
     23: for v in range(len(Var_list)): // modify the loss function
     24:   $L(\theta) = \mathrm{Sum}(\mathrm{CrossEntropy}(y_t, y_p), \mathrm{Multiply}(F[v], (\theta[v] - \mathrm{Var\_pre}[v])^2))$
     25: end for
     26: $\theta^*$ = GradientDescent.minimize($L(\theta)$) // output the network parameters
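The Fisher averaging (lines 15–21) and the penalised loss (lines 23–25) of Table 1 can be sketched in plain numpy. This is an illustrative sketch, not the authors' code: `fisher_diagonal` and `ewc_loss` are hypothetical names, and the sketch assumes the per-sample log-likelihood gradients have already been computed elsewhere (one list of arrays per sample, one array per network variable):

```python
import numpy as np

def fisher_diagonal(grads_per_sample):
    """Diagonal Fisher estimate (Table 1, lines 15-21): the average of the
    squared per-sample log-likelihood gradients, one array per variable."""
    n = len(grads_per_sample)
    n_vars = len(grads_per_sample[0])
    return [sum(g[v] ** 2 for g in grads_per_sample) / n
            for v in range(n_vars)]

def ewc_loss(ce_loss, params, params_pre, fisher):
    """Penalised loss (Table 1, lines 23-25): cross-entropy plus a quadratic
    term that anchors each parameter to its pre-update value, weighted by
    its Fisher information."""
    penalty = sum(np.sum(F * (p - p0) ** 2)
                  for F, p, p0 in zip(fisher, params, params_pre))
    return ce_loss + penalty
```

Parameters with large Fisher values (important for the original dataset) are thus strongly pulled back toward `params_pre`, while unimportant ones are free to move toward values that fit the new dataset.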

    Table 2  Performance of K-Means sample selection vs. random sampling (%)

    Samples | Mean accuracy     | Max accuracy      | Min accuracy
            | K-Means | Random  | K-Means | Random  | K-Means | Random
    3       | 86.35   | 78.65   | 96.78   | 95.17   | 50.00   | 49.40
    6       | 88.54   | 71.51   | 91.08   | 86.23   | 83.90   | 49.40
    20      | 92.95   | 79.12   | 96.81   | 93.67   | 91.07   | 49.41
    60      | 91.33   | 84.32   | 95.94   | 94.15   | 86.73   | 49.42
    100     | 93.21   | 84.09   | 95.84   | 93.91   | 87.96   | 49.41
    200     | 95.29   | 93.81   | 96.78   | 95.31   | 91.61   | 91.18

    Table 3  Performance of the parameter update methods

    Method    | Scenario 1                                      | Scenario 2
              | Acc.(%) | Prec.(%) | Recall(%) | F1 score       | Acc.(%) | Prec.(%) | Recall(%) | F1 score
    MLP_Whole | 98.41   | 97.93    | 98.98     | 0.98           | 97.12   | 94.10    | 97.12     | 0.96
    MLP_New   | 88.71   | 97.09    | 71.72     | 0.83           | 59.52   | 99.17    | 44.94     | 0.62
    RF-UD     | 88.50   | 71.73    | 90.31     | 0.80           | 73.57   | 94.47    | 55.98     | 0.70
    DT-UD     | 89.13   | 74.63    | 89.61     | 0.81           | 87.85   | 95.09    | 74.93     | 0.84
    EWC-UD    | 98.06   | 98.02    | 98.23     | 0.98           | 96.57   | 94.96    | 94.67     | 0.95

    Table 4  Update cost of the parameter update methods

    Method    | Scenario 1                  | Scenario 2
              | Time (s) | Memory (MB)      | Time (s) | Memory (MB)
    MLP_Whole | 753.53   | 12783.82         | 322.03   | 11259.08
    MLP_New   | 182.28   | 7467.50          | 89.52    | 3195.62
    RF-UD     | 127.40   | 6278.46          | 34.46    | 3850.60
    DT-UD     | 125.53   | 7099.88          | 48.02    | 3743.80
    EWC-UD    | 145.80   | 8541.24          | 128.18   | 4318.04
Publication history
  • Received: 2020-08-04
  • Revised: 2021-07-21
  • Available online: 2021-09-06
  • Issue date: 2021-10-18
