基于改进模糊C-均值聚类的DDoS攻击安全态势评估模型

新型网络环境下，传统的网络态势评估方法已经不能有效地评估分布式拒绝服务攻击DDoS的安全态势。提出了基于改进模糊C 均值FCM聚类的DDoS攻击的安全态势评估模型。该模型根据新老用户网络流IP地址状态变化和单双向网络流的融合特征，计算出网络系统各节点的风险指标，通过汇聚网络中各个节点的风险指标生成整个网络的安全态势信息，再用改进的模糊C-均值聚类算法将融合的安全态势信息分为五个安全等级，最后采用风险等级识别模型对整个网络的DDoS攻击安全态势进行定量评估。实验结果表明，该模型能够合理有效地评估DDoS攻击的安全态势，比现有的评估方法更准确灵活。

A DDoS attack security situation assessment model based on improved fuzzy C-means clustering

Traditional network situation assessment methods cannot effectively evaluate the distributed denial of service (DDoS) attack security situation in the new network environment. We propose a DDoS attack security situation assessment model based on improved fuzzy C-means (FCM) clustering. This model generates a fusion feature gained from network flow IP address changes of old and new users and unilateral and bilateral network flow, and calculates the risk indexes of each network node on the basis of the fusion feature. The security situation information of the whole network can be obtained by fusing the risk indexes of all the nodes in the network, which is then classified into five security levels by the improved FCM. The DDoS attack security situation of the whole network therefore can be quantitatively evaluated by the proposed model. Experiments on real DDoS data show that the proposed model can assess the DDoS attack security situation reasonably and effectively, and it is more flexible and accurate than existing methods.