With the development of network technology, distributed denial of service (DDoS) attacks have become an increasingly important security risk to networks. Because these attacks use common protocols and services, they are difficult to detect with traditional methods. Based on the idea of rational thinking, DDoS attack detection can be modeled as a classification problem that distinguishes between "rational" and "irrational" network flow states. This article analyzes the common TCP flood, UDP flood, and ICMP flood attacks in detail. It defines data stream information entropy (DSIE) features to characterize attack behavior and proposes a DDoS attack detection method based on a random forest classification (RFC) model. Classification models are established for the three typical attack types above and, through training and learning, are used to predict whether network traffic is normal. Experimental results show that the RFC model can more accurately distinguish between normal traffic and attack traffic, with a higher detection rate and a lower false alarm rate.
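An entropy-based flow feature of the kind the abstract describes, as an added example that is not the authors' code. The abstract does not give the DSIE definition, so Shannon entropy over header fields per time window and protocol is an assumption, as are the record layout and the names `shannon_entropy` and `window_features`; the packet records are constructed from documentation address ranges.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum((c / total) * math.log2(total / c) for c in counts.values())

def window_features(packets, window=1.0):
    """Bucket (ts, src_ip, dst_ip, dst_port, proto) records by time window and
    protocol, then compute per-bucket entropy features (assumed DSIE stand-in)."""
    buckets = {}
    for ts, src, dst, dport, proto in packets:
        buckets.setdefault((int(ts // window), proto), []).append((src, dst, dport))
    feats = {}
    for key, rows in sorted(buckets.items()):
        feats[key] = {
            "packets": len(rows),
            "H_src": shannon_entropy(r[0] for r in rows),    # spread of senders
            "H_dst": shannon_entropy(r[1] for r in rows),    # spread of targets
            "H_dport": shannon_entropy(r[2] for r in rows),  # spread of services
        }
    return feats

# Constructed sample: window 0 is ordinary traffic (4 clients, 2 servers,
# 4 services); window 1 is a TCP flood from 16 distinct sources at one service.
NORMAL = [(0.1 * i, f"192.0.2.{1 + i % 4}", f"198.51.100.{1 + i % 2}",
           [80, 443, 53, 22][i % 4], "tcp") for i in range(8)]
FLOOD = [(1.0 + 0.05 * i, f"203.0.113.{i + 1}", "198.51.100.1", 80, "tcp")
         for i in range(16)]

if __name__ == "__main__":
    for key, f in window_features(NORMAL + FLOOD).items():
        print(key, f)
```

In the flood window the source entropy rises while destination and port entropy collapse to zero; vectors like these would be the labelled training rows for a classifier such as the random forest the abstract proposes.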
Juhari, Nuralamsah Zulkarnaim, Muh Rafli Rasyid, Andi M. Yusuf
Ashfaq Ahmad Najar, S. Manohar Naik
Zhaohui Ma, Jie Zhang, Mingdong Tang
Yu Zheng, Shuang Qiu, XianFei Zhang, Guowei Zhu, Dangdang Dai, Xiong Zhang