Journal: Computers & Security

Riemannian manifold on stream data: Fourier transform and entropy-based DDoS attacks detection method


Abstract

The means to achieve DDoS (distributed denial of service) attacks are becoming increasingly automated and diverse. A problem that automated attack tools cannot address, at least for now, is the inevitable repetitive or periodic nature of traffic data, which are important features for the effective detection of DDoS attacks. Some researchers have proposed to detect DDoS attacks by analyzing the frequency domain information or information entropy of network communication signals or network packets. However, they still suffer from insufficient accuracy and slow response time when dealing with large-scale attack data and multiple-packet types of attacks. Therefore, we hope to develop a detection method that can detect large-scale and multiple types of DDoS. This paper proposes a new DDoS detection method based on fast Fourier transform (FFT) and information entropy. This method (FFT and entropy-based DDoS detection method [FEDDM]) focuses on the periodicity of DDoS network traffic. First, we consider each piece of network traffic data as a network behavior. Then, we prove that the network traffic data conforms to the Riemann flow structure. We define the concept of work of stream data and treat it as a feature. The effect of stream data on the communication capacity can be considered as the work performed by the stream data on the channel. In addition, to improve the efficiency and accuracy of detection, we use the FFT coefficients and information entropy of work as features to train the neural network (NN) to detect DDoS attacks. This method is lightweight, faster, and more generally applicable. The experiment proved the advantage of this method using the latest CICDDoS2019 dataset. In the simulation, the detection accuracy of NetBIOS, SNMP, SYN, and WebDDoS is more than 99.99%, which proves our method.
