Computer Science, 2021, Vol. 48, Issue (6A): 524-528. doi: 10.11896/jsjkx.200500001

• Information Security •

Research on DoS Intrusion Detection Technology of IPv6 Network Based on GR-AD-KNN Algorithm

ZHAO Zhi-qiang, YI Xiu-shuang, LI Jie, WANG Xing-wei

  1. College of Computer Science and Engineering, Northeastern University, Shenyang 110819, China
  • Online: 2021-06-10 Published: 2021-06-17
  • Corresponding author: YI Xiu-shuang (xsyi@mail.neu.edu.cn)
  • About author: zhaozq0518@foxmail.com
    ZHAO Zhi-qiang, born in 1994, postgraduate. His main research interests include network security and machine learning.
    YI Xiu-shuang, born in 1969, professor, is a member of China Computer Federation. His main research interests include next generation internet, network security and big data analysis.
  • Supported by:
    National Key Research and Development Project (2017YFB0801701), National Natural Science Foundation of China (61572123), Program for Liaoning Innovative Research Team in University (LT2016007) and CERNET Innovation Project (NGII20160616).

Abstract: As IPv6 network traffic grows rapidly and becomes more complex, traditional intrusion detection systems such as Snort, which detect DoS attacks with specific rules, show poor detection performance and adaptability. To address DoS intrusion detection in IPv6 networks, this paper improves the lightweight KNN algorithm from machine learning. First, the information gain ratio is used for a twofold reduction of feature dimensionality: for discrete features with many types of sub-features, the sub-features are selected and clustered, which further reduces the number of features actually computed and improves the efficiency of detecting DoS attacks in IPv6. Second, the proposed GR-AD-KNN algorithm uses the information gain ratio as feature weights in the Euclidean distance between samples. Based on a metric of reverse distance influence, the classification decision method of the KNN algorithm is optimized, which further improves the accuracy of the detection approach. Experiments show that, compared with the TAD-KNN algorithm, which classifies attacks by average distance, and the GR-KNN algorithm, which only optimizes the definition of the Euclidean distance, the GR-AD-KNN algorithm not only improves overall detection performance on IPv6 network traffic features but also achieves better detection results on small-population attack samples.

Key words: Average increment distance classification, GR-AD-KNN algorithm, Information gain ratio, IPv6, Twice reducing dimensionality of features

CLC Number:

  • TP393.0
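
The gain-ratio weighting step described in the abstract can be sketched as follows. This is an added example, not the authors' code: it covers only the information-gain-ratio weights applied to the Euclidean distance, and it uses a plain majority vote because the paper's reverse-distance-influence decision rule is not defined on this page. The feature names and flow samples are constructed for illustration.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy (bits) of a list of discrete values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def gain_ratio(column, labels):
    """Information gain of one discrete feature divided by its split information."""
    n = len(labels)
    groups = {}
    for v, y in zip(column, labels):
        groups.setdefault(v, []).append(y)
    conditional = sum(len(g) / n * entropy(g) for g in groups.values())
    split_info = entropy(column)
    return 0.0 if split_info == 0 else (entropy(labels) - conditional) / split_info

def gr_weights(X, y):
    """One gain-ratio weight per feature column."""
    return [gain_ratio([row[j] for row in X], y) for j in range(len(X[0]))]

def weighted_distance(a, b, w):
    """Euclidean distance with each squared difference scaled by its weight."""
    return math.sqrt(sum(wj * (aj - bj) ** 2 for wj, aj, bj in zip(w, a, b)))

def knn_predict(X, y, w, query, k=3):
    """Majority vote among the k nearest samples (plain vote, not the paper's rule)."""
    ranked = sorted(zip(X, y), key=lambda s: weighted_distance(s[0], query, w))
    return Counter(label for _, label in ranked[:k]).most_common(1)[0][0]

# Constructed sample: (icmpv6_rate_bin, hop_limit_bucket) per flow. Hypothetical
# feature names; hop_limit_bucket is built to carry no class information.
X = [(0, 0), (1, 3), (1, 3), (0, 0), (2, 0), (4, 3), (2, 0), (4, 3)]
y = ["normal"] * 4 + ["dos"] * 4
QUERY = (2, 3)  # same rate bin as known DoS flows, hop bucket shared with normal ones

def compare():
    """Return (weights, unweighted prediction, gain-ratio-weighted prediction)."""
    w = gr_weights(X, y)
    return w, knn_predict(X, y, [1.0, 1.0], QUERY), knn_predict(X, y, w, QUERY)

if __name__ == "__main__":
    print(compare())
```

With equal weights the uninformative feature pulls the query toward normal flows; with gain-ratio weights its contribution to the distance drops to zero and the query is classified with the DoS flows.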