A DDoS Attack Information Fusion Method Based on CNN for Multi-Element Data

Traditional distributed denial of service (DDoS) detection methods need a lot of computing resource, and many of them which are based on single element have high missing rate and false alarm rate. In order to solve the problems, this paper proposes a DDoS attack information fusion method based on CNN for multi-element data. Firstly, according to the distribution, concentration and high traffic abruptness of DDoS attacks, this paper defines six features which are respectively obtained from the elements of source IP address, destination IP address, source port, destination port, packet size and the number of IP packets. Then, we propose feature weight calculation algorithm based on principal component analysis to measure the importance of different features in different network environment. The algorithm of weighted multi-element feature fusion proposed in this paper is used to fuse different features, and obtain multi-element fusion feature (MEFF) value. Finally, the DDoS attack information fusion classification model is established by using convolutional neural network and support vector machine respectively based on the MEFF time series. Experimental results show that the information fusion method proposed can effectively fuse multi-element data, reduce the missing rate and total error rate, memory resource consumption, running time, and improve the detection rate.     

An Abnormal Network Flow Feature Sequence Prediction Approach for DDoS Attacks Detection in Big Data Environment

Distributed denial-of-service (DDoS) is a rapidly growing problem with the fast development of the Internet. There are multitude DDoS detection approaches, however, three major problems about DDoS attack detection appear in the big data environment. Firstly, to shorten the respond time of the DDoS attack detector; secondly, to reduce the required compute resources; lastly, to achieve a high detection rate with low false alarm rate. In the paper, we propose an abnormal network flow feature sequence prediction approach which could fit to be used as a DDoS attack detector in the big data environment and solve aforementioned problems. We define a network flow abnormal index as PDRA with the percentage of old IP addresses, the increment of the new IP addresses, the ratio of new IP addresses to the old IP addresses and average accessing rate of each new IP address. We design an IP address database using sequential storage model which has a constant time complexity. The autoregressive integrated moving average (ARIMA) trending prediction module will be started if and only if the number of continuous PDRA sequence value, which all exceed an PDRA abnormal threshold (PAT), reaches a certain preset threshold. And then calculate the probability that is the percentage of forecasting PDRA sequence value which exceed the PAT. Finally we identify the DDoS attack based on the abnormal probability of the forecasting PDRA sequence. Both theorem and experiment show that the method we proposed can effectively reduce the compute resources consumption, identify DDoS attack at its initial stage with higher detection rate and lower false alarm rate.     

A Novel DDoS Attack Detection Method Using Optimized Generalized Multiple Kernel Learning

Distributed Denial of Service (DDoS) attack has become one of the most destructive network attacks which can pose a mortal threat to Internet security. Existing detection methods cannot effectively detect early attacks. In this paper, we propose a detection method of DDoS attacks based on generalized multiple kernel learning (GMKL) combining with the constructed parameter R. The super-fusion feature value (SFV) and comprehensive degree of feature (CDF) are defined to describe the characteristic of attack flow and normal flow. A method for calculating R based on SFV and CDF is proposed to select the combination of kernel function and regularization paradigm. A DDoS attack detection classifier is generated by using the trained GMKL model with R parameter. The experimental results show that kernel function and regularization parameter selection method based on R parameter reduce the randomness of parameter selection and the error of model detection, and the proposed method can effectively detect DDoS attacks in complex environments with higher detection rate and lower error rate.     

A DDoS Attack Situation Assessment Method via Optimized Cloud Model Based on Influence Function

The existing network security situation assessment methods cannot effectively assess the Distributed denial-of-service (DDoS) attack situation. In order to solve these problems, we propose a DDoS attack situation assessment method via optimized cloud model based on influence function. Firstly, according to the state change characteristics of the IP addresses which are accessed by new and old user respectively, this paper defines a fusion feature value. Then, based on this value, we establish a V-Support Vector Machines (V-SVM) classification model to analyze network flow for identifying DDoS attacks. Secondly, according to the change of new and old IP addresses, we propose three evaluation indexes. Furthermore, we propose index weight calculation algorithm to measure the importance of different indexes. According to the fusion index, which is optimized by the weighted algorithm, we define the Risk Degree (RD) and calculate the RD value of each network node. Then we obtain the situation information of the whole network according to the RD values, which are from each network nodes with different weights. Finally, the whole situation information is classified via cloud model to quantitatively assess the DDoS attack situation. The experimental results show that our method can not only improve the detection rate and reduce the missing rate of DDoS attacks, but also access the DDoS attack situation effectively. This method is more accurate and flexible than the existing methods.     

Novel DDoS Feature Representation Model Combining Deep Belief Network and Canonical Correlation Analysis

Distributed denial of service (DDoS) attacks launch more and more frequently and are more destructive. Feature representation as an important part of DDoS defense technology directly affects the efficiency of defense. Most DDoS feature extraction methods cannot fully utilize the information of the original data, resulting in the extracted features losing useful features. In this paper, a DDoS feature representation method based on deep belief network (DBN) is proposed. We quantify the original data by the size of the network flows, the distribution of IP addresses and ports, and the diversity of packet sizes of different protocols and train the DBN in an unsupervised manner by these quantified values. Two feedforward neural networks (FFNN) are initialized by the trained deep belief network, and one of the feedforward neural networks continues to be trained in a supervised manner. The canonical correlation analysis (CCA) method is used to fuse the features extracted by two feedforward neural networks per layer. Experiments show that compared with other methods, the proposed method can extract better features.     

DDoS Detection in SDN using Machine Learning Techniques

Software-defined network (SDN) becomes a new revolutionary paradigm in networks because it provides more control and network operation over a network infrastructure. The SDN controller is considered as the operating system of the SDN based network infrastructure, and it is responsible for executing the different network applications and maintaining the network services and functionalities. Despite all its tremendous capabilities, the SDN face many security issues due to the complexity of the SDN architecture. Distributed denial of services (DDoS) is a common attack on SDN due to its centralized architecture, especially at the control layer of the SDN that has a network-wide impact. Machine learning is now widely used for fast detection of these attacks. In this paper, some important feature selection methods for machine learning on DDoS detection are evaluated. The selection of optimal features reflects the classification accuracy of the machine learning techniques and the performance of the SDN controller. A comparative analysis of feature selection and machine learning classifiers is also derived to detect SDN attacks. The experimental results show that the Random forest (RF) classifier trains the more accurate model with 99.97% accuracy using features subset by the Recursive feature elimination (RFE) method.     

An Erebus Attack Detection Method Oriented to Blockchain Network Layer

Recently, the Erebus attack has proved to be a security threat to the blockchain network layer, and the existing research has faced challenges in detecting the Erebus attack on the blockchain network layer. The cloud-based active defense and one-sidedness detection strategies are the hindrances in detecting Erebus attacks. This study designs a detection approach by establishing a ReliefF_WMRmR-based two-stage feature selection algorithm and a deep learning-based multimodal classification detection model for Erebus attacks and responding to security threats to the blockchain network layer. The goal is to improve the performance of Erebus attack detection methods, by combining the traffic behavior with the routing status based on multimodal deep feature learning. The traffic behavior and routing status were first defined and used to describe the attack characteristics at diverse stages of s leak monitoring, hidden traffic overlay, and transaction identity forgery. The goal is to clarify how an Erebus attack affects the routing transfer and traffic state on the blockchain network layer. Consequently, detecting objects is expected to become more relevant and sensitive. A two-stage feature selection algorithm was designed based on ReliefF and weighted maximum relevance minimum redundancy (ReliefF_WMRmR) to alleviate the overfitting of the training model caused by redundant information and noise in multiple source features of the routing status and traffic behavior. The ReliefF algorithm was introduced to select strong correlations and highly informative features of the labeled data. According to WMRmR, a feature selection framework was defined to eliminate weakly correlated features, eliminate redundant information, and reduce the detection overhead of the model. A multimodal deep learning model was constructed based on the multilayer perceptron (MLP) to settle the high false alarm rates incurred by multisource data. Using this model, isolated inputs and deep learning were conducted on the selected routing status and traffic behavior. Redundant intermodal information was removed because of the complementarity of the multimodal network, which was followed by feature fusion and output feature representation to boost classification detection precision. The experimental results demonstrate that the proposed method can detect features, such as traffic data, at key link nodes and route messages in a real blockchain network environment. Additionally, the model can detect Erebus attacks effectively. This study provides novelty to the existing Erebus attack detection by increasing the accuracy detection by 1.05%, the recall rate by 2.01%, and the F1-score by 2.43%.     

An Effective Classifier Model for Imbalanced Network Attack Data

Recently, machine learning algorithms have been used in the detection and classification of network attacks. The performance of the algorithms has been evaluated by using benchmark network intrusion datasets such as DARPA98, KDD’99, NSL-KDD, UNSW-NB15, and Caida DDoS. However, these datasets have two major challenges: imbalanced data and high-dimensional data. Obtaining high accuracy for all attack types in the dataset allows for high accuracy in imbalanced datasets. On the other hand, having a large number of features increases the runtime load on the algorithms. A novel model is proposed in this paper to overcome these two concerns. The number of features in the model, which has been tested at CICIDS2017, is initially optimized by using genetic algorithms. This optimum feature set has been used to classify network attacks with six well-known classifiers according to high f1-score and g-mean value in minimum time. Afterwards, a multi-layer perceptron based ensemble learning approach has been applied to improve the models’ overall performance. The experimental results show that the suggested model is acceptable for feature selection as well as classifying network attacks in an imbalanced dataset, with a high f1-score (0.91) and g-mean (0.99) value. Furthermore, it has outperformed base classifier models and voting procedures.     

基于卷积神经网络和Transformer网络的鸟声识别

针对传统鸟声识别算法中特征提取方式单一、分类识别准确率低等问题,提出一种结合卷积神经网络和Transformer网络的鸟声识别方法。该方法综合考虑网络局部特征学习和全局上下文依赖性构造,从原始鸟声音频信号中提取短时傅里叶变换(Short Time Fourier Transform,STFT)语谱图特征,将其输入到卷积神经网络(ConvolutionalNeural Network,CNN)中提取局部频谱特征信息,同时提取鸟声信号的对数梅尔特征及一阶差分、二阶差分特征用于合成梅尔频率倒谱系数(Mel Frequency Cepstrum Coefficient,MFCC)混合特征向量,将其输入到Transformer网络中获取全局序列特征信息,最后融合所提取的特征可得到更丰富的鸟声特征参数,通过Softmax分类器得到鸟声识别结果。在Birdsdata和xeno-canto鸟声数据集上进行实验,平均识别准确率分别达到了97.81%和89.47%。实验结果表明该方法相较于其他现有的鸟声识别模型具有更高的识别准确率。     

基于卷积神经网络的生物式水质监测方法

生物式水质监测通常是先通过提取水生物在不同环境下的应激反应特征,再进行特征分类,从而识别水质。针对水质监测问题,提出一种使用卷积神经网络(CNN)的方法。鱼类运动轨迹是当前所有文献使用的多种水质分类特征的综合性表现,是生物式水质分类的重要依据。使用Mask-RCNN的图像分割方法,求取鱼体的质心坐标,并绘制出一定时间段内鱼体的运动轨迹图像,制作正常与异常水质下两种轨迹图像数据集。融合Inception-v3网络作为数据集的特征预处理部分,重新建立卷积神经网络对Inception-v3网络提取的特征进行分类。通过设置多组平行实验,在不同的水质环境中对正常水质与异常水质进行分类。结果表明,卷积神经网络模型的水质识别率为99.38%,完全达到水质识别的要求。     

Semi-GSGCN: Social Robot Detection Research with Graph Neural Network

Malicious social robots are the disseminators of malicious information on social networks, which seriously affect information security and network environments. Efficient and reliable classification of social robots is crucial for detecting information manipulation in social networks. Supervised classification based on manual feature extraction has been widely used in social robot detection. However, these methods not only involve the privacy of users but also ignore hidden feature information, especially the graph feature, and the label utilization rate of semi-supervised algorithms is low. Aiming at the problems of shallow feature extraction and low label utilization rate in existing social network robot detection methods, in this paper a robot detection scheme based on weighted network topology is proposed, which introduces an improved network representation learning algorithm to extract the local structure features of the network, and combined with the graph convolution network (GCN) algorithm based on the graph filter, to obtain the global structure features of the network. An end-to-end semi-supervised combination model (Semi-GSGCN) is established to detect malicious social robots. Experiments on a social network dataset (cresci-rtbust-2019) show that the proposed method has high versatility and effectiveness in detecting social robots. In addition, this method has a stronger insight into robots in social networks than other methods.     

Sentiment Classification Based on Piecewise Pooling Convolutional Neural Network

Recently, the effectiveness of neural networks, especially convolutional neural networks, has been validated in the field of natural language processing, in which, sentiment classification for online reviews is an important and challenging task. Existing convolutional neural networks extract important features of sentences without local features or the feature sequence. Thus, these models do not perform well, especially for transition sentences. To this end, we propose a Piecewise Pooling Convolutional Neural Network (PPCNN) for sentiment classification. Firstly, with a sentence presented by word vectors, convolution operation is introduced to obtain the convolution feature map vectors. Secondly, these vectors are segmented according to the positions of transition words in sentences. Thirdly, the most significant feature of each local segment is extracted using max pooling mechanism, and then the different aspects of features can be extracted. Specifically, the relative sequence of these features is preserved. Finally, after processed by the dropout algorithm, the softmax classifier is trained for sentiment classification. Experimental results show that the proposed method PPCNN is effective and superior to other baseline methods, especially for datasets with transition sentences.     

模糊融合分类器在水雷识别中的应用

当目标的类别多时会使分类器的精度和稳健性大受影响,用神经网络分类器去完成复杂的目标分类任务是难以保证其可靠性的。引入信息融合条件下一种新型的分类器,即模糊融合分类器,该分类器可以自动“过滤”无效和冗余特征的负面影响,实现有效的特征层融合识别。采用4种特征提取方法,利用三个模糊融合神经网络作为分类器进行特征层的融合,再将分类器的输出作为决策层的融合,提高系统的分类性能。通过处理水雷实体回波数据得出的识别率表明,所选取的特征提取和分类器算法是有效的。     

An Efficient Internet Traffic Classification System Using Deep Learning for IoT

Internet of Things (IoT) defines a network of devices connected to the internet and sharing a massive amount of data between each other and a central location. These IoT devices are connected to a network therefore prone to attacks. Various management tasks and network operations such as security, intrusion detection, Quality-of-Service provisioning, performance monitoring, resource provisioning, and traffic engineering require traffic classification. Due to the ineffectiveness of traditional classification schemes, such as port-based and payload-based methods, researchers proposed machine learning-based traffic classification systems based on shallow neural networks. Furthermore, machine learning-based models incline to misclassify internet traffic due to improper feature selection. In this research, an efficient multilayer deep learning based classification system is presented to overcome these challenges that can classify internet traffic. To examine the performance of the proposed technique, Moore-dataset is used for training the classifier. The proposed scheme takes the pre-processed data and extracts the flow features using a deep neural network (DNN). In particular, the maximum entropy classifier is used to classify the internet traffic. The experimental results show that the proposed hybrid deep learning algorithm is effective and achieved high accuracy for internet traffic classification, i.e., 99.23%. Furthermore, the proposed algorithm achieved the highest accuracy compared to the support vector machine (SVM) based classification technique and k-nearest neighbours (KNNs) based classification technique.     

一种基于注意机制和卷积神经网络的视觉模型

针对目前的深度卷积神经网络(CNN)模型规模大、训练参数多、计算速度慢以及难以移植到移动端等问题,提出了一种深度可分离卷积结合3重注意机制模块(DSC-TAM)的视觉模型。首先,通过深度可分离卷积网络来减少模型参数,提高网络模型的计算速度;其次,引入3重注意机制模块提高网络的特征提取能力,改善网络性能。实验结果表明:该方法的识别率可达99.63%,模型规模降低了13%;与标准卷积神经网络视觉模型及其他方法比较,在保证识别精度的同时减少了网络模型的大小。     

基于均值特征和改进深度神经网络的说话人识别算法

为提高神经网络在说话人识别应用中的识别性能,提出基于高斯增值矩阵特征和改进深度卷积神经网络的说话人识别算法.算法首先通过最大后验概率提取基于梅尔频率倒谱系数(Mel Frequency Cepstrum Coefficient,MFCC)特征的高斯均值矩阵,并对特征进行噪声适应性补偿,以增强信号的帧间关联和说话人特征信...     

An intelligent system for gastrointestinal polyp detection in endoscopic video using fusion of bidimensional empirical mode decomposition and convolutional neural network features

This paper presents an intelligent system for gastrointestinal polyp detection in endoscopic video. Video endoscopy is a popular diagnostic modality in assessing the gastrointestinal polyps. But the accuracy of diagnosis mostly depends on doctors' experience that is crucial to detect polyps in many cases. Computer-aided polyp detection is promising to reduce the miss detection rate of polyp and thus improve the accuracy of diagnosis results. The proposed method illustrates an automatic system based on a new color feature extraction scheme as a support for gastrointestinal polyp detection. The scheme is the combination of color empirical mode decomposition features and convolutional neural network features extracted from video frames. The features are fed into a linear support vector machine to train the classifier. Experiments on standard public databases show that the proposed scheme outperforms the previous conventional methods, gaining accuracy of 99.53%, sensitivity of 99.91%, and specificity of 99.15%.     

基于集成分类器的泡罩包装药品缺陷识别

目的 针对药品生产包装过程中常出现缺陷泡罩包装药品的问题,研究一种基于多特征构建与集成分类器的泡罩包装药品缺陷识别方法.方法 该方法通过集成2个不同的分类器算法分别对药品图像类别进行预测,并采用联合判定函数对2个预测输出值进行联合决策,得到最终分类结果.第1个分类器模型通过将图像转化到HSV颜色空间,分割出泡罩区域和药片区域,进行特征设计,并在提取多项特征参数后构建BP神经网络分类算法给定药品类别预测.第2个分类器模型应用多层卷积神经网络取代传统算法对图像特征进行提取,并输出药品图像类别的预测值.根据2个分类器的性能进行算法集成,构成最终集成分类器.结果 实验结果表明,该集成分类模型对数据集中泡罩包装药品图像进行分类识别测试,准确率达97％以上.结论 集成分类模型不仅提高了单一分类器的识别准确率,也具有更佳的稳定性.该方法取得了卓越的分类效果,具有较高应用性.     

基于归一化小波能量系数的管道安全识别算法

针对管道泄漏检测系统存在一定误报率的问题,提出一种基于归一化小波能量系数的油气管道安全识别算法．首先提出最佳母小波选择标准,以现场数据为基础选取最佳母小波,然后提取归一化小波能量系数的最大值作为特征量,最后利用Fisher分类器对压力数据进行识别,判断管道是否处于安全状况．利用现场数据对该方法进行验证分析,结果表明该算法识别正确率较高,实用性好,且可以降低误报率．