2014基于K均值多重主成分分析的AppDDoS检测方法杨宏宇.pdfVIP

35 5 Vol.35 No. 5 2014 5 Journal on Communications May 2014 doi:10.3969/j.issn.1000-436x.2014.05.003 K App-DDoS ( 300300) Web K App-DDoS K CTI-DATA D-S 3 App-DDoS KMPCAA TP309,TP393.08 A 1000-436X(2014)05-0016-09 App-DDoS detection method based on K-means multiple principal component analysis YANG Hong-yu, CHANG Yuan (School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China) Abstract: Aiming at the application layer distributed deny of service(App-DDoS) attacks, a K-means multiple principal component analysis algorithm(KMPCAA) utilizing the Web log mining was proposed, then an App-DDoS detection method based on KMPCAA was presented. Firstly, a statistical properties feature extracting method was designed by analyzing the difference between normal users’ and attackers’ access behavior. Secondly, a k-means multiple principal component analysis algorithm was proposed by using the maximum distance classification method according to the data dimension reduction property of the principal component analysis, and then the testing model based on the algorithm was established. Finally, an App-DDoS attack detection experiment on the CTI-DATA dataset and the simulated attack dataset was conducted. In this experiment, the proposed method was compared with the fuzzy synthetical evaluation (FSE) algorithm, the hidden semi-Markov model (HsMM) detection algorithm and the dempster-shafer evidence theory (D-S) algorithm. Experim