Computer Science ›› 2021, Vol. 48 ›› Issue (6A): 464-467.doi: 10.11896/jsjkx.200900101

• Information Security • Previous Articles     Next Articles

DDoS Attack Random Forest Detection Method Based on Secondary Screening of Feature Importance

LI Na-na1, WANG Yong1, ZHOU Lin1, ZOU Chun-ming2, TIAN Ying-jie3, GUO Nai-wang3   

  1. 1 College of Computer Science and Technology,Shanghai University of Electric Power,Shanghai 200090,China
    2 The Third Research Institute of Ministry of Public Security,Shanghai 200031,China
    3 Institute of Electric Power Research,State Grid Shanghai Electric Power Company,Shanghai 200120,China
  • Online:2021-06-10 Published:2021-06-17
  • About author:LI Na-na,born in 1992,postgraduate.Her main research interests include robot safety and Informationsecurity.
    WANG Yong,born in 1973,Ph.D,professor.His main research interests include power system virus analysis and defense.
  • Supported by:
    General Project of National Natural Science Foundation of China(61772327),General Project of Shanghai Natural Science Foundation of China (20ZR1455900),Shanghai Science and Technology Commission Science and Technology Innovation Action Plan(18511105700),Shanghai Science and Technology Commission Power Artificial Intelligence Engineering Technology Research Center Project(19DZ2252800),Qi'anxin Big Data Collaborative Security National Engineering Laboratory Open Project(QAX-201803) and Open-end Fund of State Key Laboratory of Industrial Control Technology,Zhejiang University(ICT1800380).

Abstract: Feature selection is an important method for attack detection algorithms.This method mostly uses cross-validation recursive feature elimination (Recursive Feature Elimination with Cross-Validation,RFECV) technology,and is usually combined with machine learning algorithms.However,this algorithm is mostly used to select single-model features,and its performance is also very susceptible to fluctuations due to changes in feature quantities and learners.Due to the large amount of calculation,the classification accuracy of this algorithm still needs to be improved.In response to the above problems,this paper proposes a random forest detection method for DDoS attacks based on the secondary screening of feature importance.Firstly,the algorithm preprocesses the original data set and extracts features.Secondly,in order to select the most relevant variables from the selected model,the algorithm uses the RF variable importance criterion and the random forest importance score to rank the variables.Then,on the basis of random forest feature ranking,the cumulative importance of the variables is calculated and the most important variables are obtained.Then,the most important variables selected are used for training again to generate a classification model,and a new set of important variables is defined as the current variable.Finally,the final optimal variable is obtained through the importance criterion and the cumulative importance again,which effectively removes the abnormal points and avoids the local optimum,thereby realizing accurate classification and detection of DDOS attacks.Experimental results show that this method has high accuracy and precision,can accurately classify normal traffic and various DDoS attack traffic,and is suitable for detecting DDoS attacks under big data.

Key words: DDoS attack detection, Feature extraction, Importance criterion, Machine learning, Random forests

CLC Number: 

  • TP309.2
[1] WANG C,ZHENG J,LI X Y.Research on DDoS attacks detection based on RDF-SVM[C]//International Conference on Intelligent Computation Technology and Automation (ICICTA).2017:161-165.
[2] ZHANG W A,HONG Z,ZHU J W,et al.A survey of network intrusion detection methods for industrial control systems[J].Control and Decision,2019,34(11):2277-2288.
[3] XU J Z,WU Z H,XU Y,et al.Face recognition combiningPCA,LDA and SVM algorithms[J].Computer Engineering and Applications,2019,55(18):34-37.
[4] LI Z Q,DU J Q,NIE B,et al.Summary of Feature Selection Methods[J].Computer Engineering and Applications,2019,55(24):10-19.
[5] GAO N,FENG F D,XIANG J.A data-mining based dos detection technique[J].Jisuanji Xuebao(Chinese Journal of Computers),2006,29(6):944-951.
[6] PEI J T.DDOS Attack Detection based on machine learning and Big Data Real-time Computing analysis [D].Beijing:Beijing University of Technology,2019.
[7] LI M Y,TANG X Y,CHENG J R,et al.Random forest DDoS attack detection method based on combination correlation [J].Journal of Zhengzhou University (Science Edition),2019,51(2):23-28.
[8] SYLVESTER E,BENTZEN P,BRADBURY I R,et al.Applications of random forest feature selection for fine-scale genetic population assignment[J].Evolutionary Applications,2018,11(2):153-165.
[9] ZHAO L,CHEN Z,HU Y,et al.Distributed feature selection for efficient economic big data analysis [J].IEEE Transactions on Big Data,2008,32(2):164-176.
[10] YANG C C,XU X,HUAN J,et al.Feature selection method of student portrait based on random forest[J].Computer Engineering and Design,2019,40(10):2827-2834.
[11] FILHO F,SILVEIRA F,JUNIOR A,et al.Smart Detection:An Online Approach for DoS/DDoS Attack Detection Using Machine Learning[J].Security and Communication Networks,2019(12):1-15.
[12] Cisco systems netflow services export version 9[EB/OL].ht-tps://
[13] PARK S H,GOO J M,JO C H.Receiver operating characteristic(ROC) curve:practical review for radiologists[J].Korean Journal of Radiology,2004,5(1):11-18.
[14] MARTIN D,POWERS W.Evaluation:from precision,recall and F-measure to ROC,informedness,markedness and correlation[J].Journal of Machine Learning Technologies,2011,2(1):37-63.
[1] LENG Dian-dian, DU Peng, CHEN Jian-ting, XIANG Yang. Automated Container Terminal Oriented Travel Time Estimation of AGV [J]. Computer Science, 2022, 49(9): 208-214.
[2] NING Han-yang, MA Miao, YANG Bo, LIU Shi-chang. Research Progress and Analysis on Intelligent Cryptology [J]. Computer Science, 2022, 49(9): 288-296.
[3] HE Qiang, YIN Zhen-yu, HUANG Min, WANG Xing-wei, WANG Yuan-tian, CUI Shuo, ZHAO Yong. Survey of Influence Analysis of Evolutionary Network Based on Big Data [J]. Computer Science, 2022, 49(8): 1-11.
[4] LI Yao, LI Tao, LI Qi-fan, LIANG Jia-rui, Ibegbu Nnamdi JULIAN, CHEN Jun-jie, GUO Hao. Construction and Multi-feature Fusion Classification Research Based on Multi-scale Sparse Brain Functional Hyper-network [J]. Computer Science, 2022, 49(8): 257-266.
[5] ZHANG Guang-hua, GAO Tian-jiao, CHEN Zhen-guo, YU Nai-wen. Study on Malware Classification Based on N-Gram Static Analysis Technology [J]. Computer Science, 2022, 49(8): 336-343.
[6] CHEN Ming-xin, ZHANG Jun-bo, LI Tian-rui. Survey on Attacks and Defenses in Federated Learning [J]. Computer Science, 2022, 49(7): 310-323.
[7] ZHANG Yuan, KANG Le, GONG Zhao-hui, ZHANG Zhi-hong. Related Transaction Behavior Detection in Futures Market Based on Bi-LSTM [J]. Computer Science, 2022, 49(7): 31-39.
[8] ZENG Zhi-xian, CAO Jian-jun, WENG Nian-feng, JIANG Guo-quan, XU Bin. Fine-grained Semantic Association Video-Text Cross-modal Entity Resolution Based on Attention Mechanism [J]. Computer Science, 2022, 49(7): 106-112.
[9] CHENG Cheng, JIANG Ai-lian. Real-time Semantic Segmentation Method Based on Multi-path Feature Extraction [J]. Computer Science, 2022, 49(7): 120-126.
[10] LIU Wei-ye, LU Hui-min, LI Yu-peng, MA Ning. Survey on Finger Vein Recognition Research [J]. Computer Science, 2022, 49(6A): 1-11.
[11] LI Ya-ru, ZHANG Yu-lai, WANG Jia-chen. Survey on Bayesian Optimization Methods for Hyper-parameter Tuning [J]. Computer Science, 2022, 49(6A): 86-92.
[12] ZHAO Lu, YUAN Li-ming, HAO Kun. Review of Multi-instance Learning Algorithms [J]. Computer Science, 2022, 49(6A): 93-99.
[13] WANG Fei, HUANG Tao, YANG Ye. Study on Machine Learning Algorithms for Life Prediction of IGBT Devices Based on Stacking Multi-model Fusion [J]. Computer Science, 2022, 49(6A): 784-789.
[14] XIAO Zhi-hong, HAN Ye-tong, ZOU Yong-pan. Study on Activity Recognition Based on Multi-source Data and Logical Reasoning [J]. Computer Science, 2022, 49(6A): 397-406.
[15] YAO Ye, ZHU Yi-an, QIAN Liang, JIA Yao, ZHANG Li-xiang, LIU Rui-liang. Android Malware Detection Method Based on Heterogeneous Model Fusion [J]. Computer Science, 2022, 49(6A): 508-515.
Full text



No Suggested Reading articles found!