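Yitao ZHOU
1. PLA SSF Information Engineering University, Zhengzhou 450001, China
2. Henan Key Laboratory of Information Security, Zhengzhou 450001, China
Funds: The Foundation and Frontier Technology Research Project of Henan Province (142300413201), The Open Fund Project of Information Assurance Technology Key Laboratory (KJ-15-109), The Research Project of Information Engineering University (2019f3303)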
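Author biographies: Bin ZHANG: male, born in 1969, professor and doctoral supervisor; research interest: information system security
Yitao ZHOU: male, born in 1996, master's student; research interest: machine-learning-based DDoS attack detection
Corresponding author: Yitao ZHOU, zyt1996715@163.com
CLC number: TN918.91; TP393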
Publication history
Received: 2020-08-04
Revised: 2021-07-21
Published online: 2021-09-06
Issue date: 2021-10-18
DDoS Attack Detection Model Parameter Update Method Based on EWC Algorithm
Bin ZHANG, Yitao ZHOU
1. PLA SSF Information Engineering University, Zhengzhou 450001, China
2. Henan Key Laboratory of Information Security, Zhengzhou 450001, China
Funds: The Foundation and Frontier Technology Research Project of Henan Province (142300413201), The Open Fund Project of Information Assurance Technology Key Laboratory (KJ-15-109), The Research Project of Information Engineering University (2019f3303)
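Abstract: Existing parameter update methods for DDoS attack detection models based on Multi-Layer Perceptron (MLP) neural networks (MLP-UD) tend to forget the knowledge of the DDoS attack dataset on which the original parameters were trained (the original dataset) and incur large time and space overhead. To address this, this paper proposes a model parameter update method based on the Elastic Weight Consolidation (EWC) algorithm (EWC-UD). First, the K-Means algorithm is used to compute the cluster centers of the original dataset, which serve as the samples for computing the Fisher information matrix; this effectively improves the uniformity of the samples and their coverage of the clusters, greatly reduces the cost of computing the Fisher information matrix, and improves the efficiency of parameter updates. Second, based on the Fisher information matrix, a quadratic penalty term is added to the loss function used during the parameter update, restricting changes to the important weight and bias parameters of the MLP neural network, so that detection accuracy on the new DDoS attack dataset improves while detection performance on the original dataset is maintained. The correctness of EWC-UD is then proved using probability theory, and its time complexity is analyzed. Experiments show that, on the constructed test dataset, EWC-UD achieves 37.05% higher detection accuracy than the MLP-UD update method that trains only on the new DDoS attack dataset, and, compared with the MLP-UD update method that trains on both the new and old DDoS attack datasets, reduces time overhead by 80.65% and memory overhead by 33.18%.
Keywords: Distributed denial of service/
Model parameter update/
Elastic weight consolidation algorithm/
Multi-layer perceptron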
Abstract: Existing parameter update methods for Multi-Layer Perceptron (MLP) based DDoS detection models (MLP-UD) tend to forget the knowledge of the dataset on which the old model parameters were trained, and their time and space costs are high. To address this, a novel model parameter UpDate method, EWC-UD, based on Elastic Weight Consolidation (EWC) is proposed. First, the K-Means algorithm computes the cluster center points of the old dataset, which are used as the samples for calculating the Fisher information matrix. This effectively raises sampling uniformity and cluster coverage, significantly reduces the amount of Fisher information matrix calculation, and improves the efficiency of model parameter updates. Second, based on the calculated Fisher information matrix, a quadratic penalty term is added to the loss function, limiting changes to the important weight and bias parameters in the neural network. While maintaining detection performance on the old DDoS attack dataset, EWC-UD improves detection accuracy on new DDoS attack datasets. The correctness of EWC-UD is then proved on the basis of probability theory, and its time complexity is analyzed. Experiments show that, on the constructed test dataset, the detection accuracy of EWC-UD is 37.05% higher than that of MLP-UD trained only on the new DDoS attack dataset, and that, compared with MLP-UD trained on both the new and old DDoS attack datasets, time and memory costs are reduced by 80.65% and 33.18%, respectively.
Key words: Distributed Denial of Service (DDoS)/
Model parameter update/
Elastic Weight Consolidation (EWC) algorithm/
Multi-Layer Perceptron (MLP)
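The update step the abstract describes (K-Means cluster centres of the old dataset as Fisher samples, then a Fisher-weighted quadratic penalty while training on the new data), as an added example that is not the paper's code. It assumes a single logistic unit in place of the MLP, constructed flows with two hypothetical features (packet_rate, malformed_ratio), assumed old parameters THETA_OLD, k=2 and lam=100; the new dataset here holds attack flows only.

```python
import math

# Constructed flows: (packet_rate, malformed_ratio) scaled to [0, 1]; label 1 = attack.
OLD = [((r / 10, 0.0), int(r >= 6)) for r in (1, 2, 3, 4, 6, 7, 8, 9)]
NEW = [((0.1, 0.8), 1), ((0.2, 0.9), 1), ((0.2, 1.0), 1), ((0.3, 0.9), 1)]
THETA_OLD = [4.0, 0.0, -2.0]  # assumed parameters learned on OLD: w0, w1, bias

def prob(theta, x):  # P(attack | x); one logistic unit stands in for the MLP
    return 1 / (1 + math.exp(-(theta[0] * x[0] + theta[1] * x[1] + theta[2])))

def kmeans(points, k, iters=10):  # plain K-Means, k >= 2, evenly spaced initial centres
    centres = [points[i * (len(points) - 1) // (k - 1)] for i in range(k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda j: math.dist(p, centres[j]))].append(p)
        centres = [tuple(sum(c) / len(g) for c in zip(*g)) if g else centres[j]
                   for j, g in enumerate(groups)]
    return centres

def fisher_diag(theta, samples):  # diagonal Fisher information over the given samples
    f = [0.0, 0.0, 0.0]
    for x in samples:
        p = prob(theta, x)
        for i, xi in enumerate((x[0], x[1], 1.0)):
            f[i] += p * (1 - p) * xi * xi / len(samples)
    return f

def update(theta_old, data, fisher, lam, lr=0.05, steps=3000):
    """Gradient descent on loss(data) + lam/2 * sum_i F_i * (theta_i - theta_old_i)^2."""
    theta = list(theta_old)
    for _ in range(steps):
        grad = [lam * f * (t - t0) for f, t, t0 in zip(fisher, theta, theta_old)]
        for x, y in data:
            err = prob(theta, x) - y
            for i, xi in enumerate((x[0], x[1], 1.0)):
                grad[i] += err * xi / len(data)
        theta = [t - lr * g for t, g in zip(theta, grad)]
    return theta

def accuracy(theta, data):
    return sum((prob(theta, x) > 0.5) == bool(y) for x, y in data) / len(data)

def run():
    fisher = fisher_diag(THETA_OLD, kmeans([x for x, _ in OLD], k=2))
    thetas = {"before": THETA_OLD, "plain": update(THETA_OLD, NEW, fisher, lam=0.0),
              "ewc": update(THETA_OLD, NEW, fisher, lam=100.0)}
    return fisher, {n: (accuracy(t, OLD), accuracy(t, NEW)) for n, t in thetas.items()}

if __name__ == "__main__": print(run())
```

run() returns the Fisher diagonal and, per model, the pair (accuracy on OLD, accuracy on NEW). The Fisher entry for w1 is zero because the old traffic never exercises malformed_ratio, so the penalty pins w0 and the bias while leaving w1 free to learn the new attack.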
PDF full-text download:
https://jeit.ac.cn/article/exportPdf?id=e9b393da-f57d-4e36-bb5f-4a7e2a1d3ff0