Find in Library

Low-Rate distributed denial of service (DDoS) attack attacks the vulnerabilities in the adaptive mechanism of network protocols, posing a huge threat to the quality of network services. Low-Rate DDoS attack was characterized by high secrecy, low attack rate, and periodicity. Existing detection methods have the problems of single detection type and low identification accuracy. In order to solve them, a multi-type low-rate DDoS attack detection method based on hybrid deep learning was proposed. Different types of low-rate DDoS attacks and normal traffic in different scenarios under 5G environment were simulated. Traffic was collected at the network entrance and its traffic characteristic information was extracted to obtain multiple types of low-rate DDoS attack data sets. From the perspective of statistical threshold and feature engineering, the characteristics of different types of low-rate DDoS attacks were analyzed respectively, and the effective feature set of 40-dimension low-rate DDoS attacks was obtained. CNN-RF hybrid deep learning algorithm was used for offline training based on the effective feature set, and the performance of this algorithm was compared with LSTM-Light GBM and LSTM-RF algorithms. The CNN-RF detection model was deployed on the gateway to realize the online detection of multiple types of low-rate DDoS attacks, and the performance was evaluated by using the newly defined error interception rate and malicious traffic detection rate indexes. The results show that the proposed method can detect four types of low-rate DDoS attacks online, including Slow Headers attack, Slow Body attack, Slow Read attack and Shrew attack, and the error interception rate reaches 11.03% in 120 s time window. The detection rate of malicious traffic reaches 96.22%. It can be judged by the results that the proposed method can significantly reduce the intensity of low-rate DDoS attack traffic at the network entrance, and can be deployed and applied in the actual environment.