The evolution of network technology has greatly benefited modern life but has also created serious network security risks. A Distributed Denial of Service (DDoS) attack, a widespread security threat, uses large numbers of zombie hosts to deplete the network resources of the target host in order to prevent legitimate users from accessing services. Many scholars have studied algorithms to detect DDoS attacks. Existing DDoS attack detection methods span many fields and are mainly based on statistical analysis, machine learning, and deep learning; with the popularity of deep learning and artificial intelligence, researchers have shifted the focus of detection methods to deep learning. Many studies have shown that applying deep learning to DDoS attack detection gives a strong classification effect, but its classification ability depends heavily on the input produced by feature engineering. Therefore, on the one hand, this thesis proposes a detection model based on deep learning that can learn the characteristics of DDoS attacks in natural network environments. On the other hand, real networks contain detection scenarios in which the samples of a single device have few and homogeneous features, which lowers the detection accuracy of the model, so a federated learning mechanism is introduced for multi-device collaborative training of intrusion detection algorithms. The main work of this thesis is as follows:

(1) A new data processing method is proposed. The first step is traffic segmentation. Because links are shared, the packets of the same stream are distributed for transmission. Therefore, the data flow is grouped by the session slice method, and the packets are cut, in bytes, to the transport and network layers, which carry more attack characteristics. This yields the original packet-byte array format, which is one of the inputs of the model. The second step is data reconstruction. Most detection methods based on deep learning rely heavily on feature engineering. Hence, after traffic segmentation, a gray-level co-occurrence matrix is generated from the original traffic data, normalized, and reconstructed together with the original data as the input of the model. Compared with other data processing methods, the results verify that the proposed data processing method improves the accuracy of the model.

(2) A deep learning framework based on CNN and BiLSTM is proposed. During an attack there are short-term feature variations, and manually extracted data features cannot accurately characterize attack traffic. Deep learning can extract data features automatically and learn multi-dimensional features adaptively. Therefore, this thesis proposes a CNN-BiLSTM classification model. The data processed by the gray-level co-occurrence matrix carries many spatiotemporal features, and the CNN model can extract many of the spatial features. Because the CNN model is weak at processing context relationships, the BiLSTM module further extracts the potential features. This thesis verifies the classification performance of the model on the CICIDS2017 dataset. Compared with other deep learning models, the results show that the model has good detection performance.

(3) To solve the problems of low classification accuracy and high false positive rate in DDoS attack detection tasks caused by data islands, this thesis implements a deep learning model within a federated learning mechanism. Federated learning not only removes the excessive dependence of deep learning detection frameworks on data diversity, that is, it solves the problem of data islands, but also protects private information in data packets. To further improve the classification accuracy of deep learning models under federated learning, this thesis proposes a new optimization algorithm, FedGroup, which groups clients by making the most of the differences among them. The training process has two phases: intra-group and inter-group. During intra-group training, the impact of system heterogeneity and statistical heterogeneity on convergence is reduced by dynamically adjusting the local computation and the local objective functions. During inter-group training, accuracy is improved by fixing the amount of local computation. Analysis of the convergence performance of this algorithm on federated datasets shows that it has desirable convergence. The optimization algorithm is also combined with a deep learning model to detect DDoS attacks. The experiment finds that the detection accuracy does not decrease but increases slightly, which shows that DDoS attack detection based on federated learning solves the problem of data islands while maintaining accuracy.
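The data processing in (1), sketched as an added example that is not the thesis's own code: packets are grouped into sessions, cut to a fixed number of network and transport layer bytes, and a normalized gray-level co-occurrence matrix is built from the resulting packet-byte array. The byte length, number of gray levels, neighbor offset, packets per session, the `model_input` pairing and the sample packets are all assumptions made here, since the abstract does not give them.

```python
from collections import defaultdict

PKT_BYTES = 16  # assumption: bytes kept per packet from the L3/L4 headers
LEVELS = 16     # assumption: gray levels after quantising byte values 0..255

# Constructed sample packets; "l3l4" stands for raw network+transport bytes.
SAMPLE = [
    {"src": "10.0.0.5", "sport": 40000, "dst": "10.0.0.9", "dport": 80,
     "proto": 6, "l3l4": bytes([0x45, 0x00, 0x00, 0x28] * 4)},
    {"src": "10.0.0.9", "sport": 80, "dst": "10.0.0.5", "dport": 40000,
     "proto": 6, "l3l4": bytes([0x45, 0x00, 0x00, 0x34] * 4)},
    {"src": "10.0.0.7", "sport": 5353, "dst": "10.0.0.9", "dport": 53,
     "proto": 17, "l3l4": bytes(range(0, 160, 16))},
]

def session_key(pkt):
    """Bidirectional 5-tuple, so both directions share one session."""
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"], ends[0], ends[1])

def slice_sessions(packets, max_pkts=4):
    """Group by session, keep the first max_pkts packets of each, and
    truncate or zero-pad every packet to PKT_BYTES (packet-byte array)."""
    sessions = defaultdict(list)
    for pkt in packets:
        rows = sessions[session_key(pkt)]
        if len(rows) < max_pkts:
            raw = pkt["l3l4"][:PKT_BYTES]
            rows.append(list(raw) + [0] * (PKT_BYTES - len(raw)))
    return dict(sessions)

def glcm(rows, levels=LEVELS):
    """Normalised co-occurrence matrix of horizontally adjacent bytes."""
    counts = [[0] * levels for _ in range(levels)]
    total = 0
    for row in rows:
        q = [b * levels // 256 for b in row]  # quantise to gray levels
        for left, right in zip(q, q[1:]):
            counts[left][right] += 1
            total += 1
    return [[c / total for c in r] for r in counts] if total else counts

def model_input(rows):
    """Assumed pairing: scaled packet-byte array plus its GLCM."""
    return [[b / 255 for b in row] for row in rows], glcm(rows)
```

Repetitive header bytes, as in the constructed TCP session, concentrate the matrix mass in a handful of cells, which is the kind of texture a CNN can pick up from this representation.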