Distributed Denial of Service (DDoS) attacks have become one of the main threats to network security, and application-layer DDoS attacks are the main means of attack. Application-layer DDoS attacks target specific application services; their behaviour at the network layer appears normal, so traditional security devices cannot defend against them effectively. At the same time, existing detection methods for application-layer DDoS attacks have insufficient detection capability and struggle to adapt to changes in attack patterns. To address this, the paper proposes an application-layer DDoS attack detection method based on a Spatio-Temporal Graph Neural Network (STGNN). Drawing on the characteristics of application-layer services, and starting from application-layer data and application-layer protocol interaction information, it introduces an attention mechanism combined with multiple GraphSAGE layers to learn entity interaction patterns under different time windows, then computes the deviation between the traffic under detection and normal traffic to complete attack detection. The method can effectively identify application-layer DDoS attacks using only five-dimensional data: time, source IP, destination IP, communication frequency and average packet size. Experimental results show that, with a small number of attack samples, the method achieves higher Recall and F1 scores than the comparison methods.
Application Layer DDoS Detection Method Based on Spatio-Temporal Graph Neural Network
Distributed denial of service (DDoS) attacks have emerged as one of the principal threats to cybersecurity, among which application layer DDoS attacks stand as a primary mode of assault. Application layer DDoS attacks target specific application services and exhibit normal behavior at the network layer, rendering traditional security devices ineffective against them. Moreover, existing detection methods for application layer DDoS attacks are insufficient in detection capability and struggle to adapt to the changing patterns of attacks. In response, this paper proposes a detection method for application layer DDoS attacks based on a spatio-temporal graph neural network (STGNN). The method utilizes the characteristics of application layer services, starting from application layer data and protocol interaction information. It introduces an attention mechanism and combines multiple GraphSAGE layers to learn the patterns of entity interactions across different time windows. It then calculates the deviation between the traffic under detection and normal traffic to accomplish attack detection. The method effectively identifies application layer DDoS attacks using only five-dimensional data: time, source IP, destination IP, communication frequency, and average packet size. According to the experimental results, this method achieves higher Recall and F1 scores compared to benchmark methods, even with a smaller number of attack samples.
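As an added illustration (not the paper's code or data), the following builds one interaction graph per time window from constructed records in the paper's five dimensions, applies a single untrained GraphSAGE-style mean-aggregation layer (no attention mechanism, no learned weights) and scores each window by its Euclidean deviation from a baseline window. The 10 s window length, the node features and the choice of window 0 as the normal baseline are assumptions made here.

```python
from collections import defaultdict
# Constructed records in the paper's 5 dimensions: (time_s, src_ip, dst_ip, comm_freq, avg_pkt_size)
RECORDS = [
    (0, "10.0.0.1", "10.0.0.9", 3, 800.0),    # window 0: normal traffic
    (1, "10.0.0.2", "10.0.0.9", 2, 650.0),
    (10, "10.0.0.3", "10.0.0.9", 2, 700.0),   # window 1: still normal
    (11, "10.0.0.1", "10.0.0.9", 3, 820.0),
    (20, "10.0.0.21", "10.0.0.9", 40, 90.0),  # window 2: many new sources,
    (21, "10.0.0.22", "10.0.0.9", 38, 85.0),  # high frequency, tiny requests
    (22, "10.0.0.23", "10.0.0.9", 41, 92.0),
]

def build_windows(records, window=10):
    # One directed graph per time window (10 s assumed): edge (src, dst) -> [(freq, size), ...]
    graphs = defaultdict(lambda: defaultdict(list))
    for t, src, dst, freq, size in records:
        graphs[int(t // window)][(src, dst)].append((freq, size))
    return graphs

def node_features(edges):
    # Per node: [outgoing frequency, incoming frequency, mean packet size]
    out, inc, sizes = defaultdict(float), defaultdict(float), defaultdict(list)
    for (src, dst), obs in edges.items():
        for freq, size in obs:
            out[src] += freq
            inc[dst] += freq
            sizes[src].append(size)
            sizes[dst].append(size)
    return {n: [out[n], inc[n], sum(s) / len(s)] for n, s in sizes.items()}

def sage_layer(edges, feats):
    # Untrained GraphSAGE-style mean aggregation (no attention): [own | neighbour mean], L2-normalised
    nbrs = defaultdict(set)
    for src, dst in edges:
        nbrs[src].add(dst)
        nbrs[dst].add(src)
    emb = {}
    for n, h in feats.items():
        agg = [sum(feats[u][i] for u in nbrs[n]) / len(nbrs[n]) for i in range(3)]
        norm = sum(x * x for x in h + agg) ** 0.5  # > 0: every node has at least one edge
        emb[n] = [x / norm for x in h + agg]
    return emb

def window_scores(records, window=10, baseline=0):
    # Mean-pool node embeddings per window; Euclidean deviation from the baseline (normal) window
    graphs = build_windows(records, window)
    pooled = {w: [sum(e[i] for e in emb.values()) / len(emb) for i in range(6)]
              for w, emb in ((w, sage_layer(g, node_features(g))) for w, g in graphs.items())}
    return {w: sum((a - b) ** 2 for a, b in zip(v, pooled[baseline])) ** 0.5
            for w, v in sorted(pooled.items())}
```

With these records, window 1 scores close to zero while the flood-like window 2 stands well apart from the baseline; in the paper the embeddings come from a trained STGNN with attention rather than this fixed aggregation.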