一种基于BiLSTM的低速率DDoS攻击检测方法

低速率分布式拒绝服务（Low-rate Distributed Denial of Service, LDDoS）攻击是一种新型的DDoS攻击方式，因其具有低速率、周期性和隐蔽性等特点，可躲避传统的DDoS攻击检测技术，更加难于检测和防御。本文提出一种基于特征选择和双向长短期记忆（Bidirectional Long Short Term Memory, BiLSTM）神经网络结合的LDDoS攻击检测方法。该方法使用分层交叉验证的递归特征消除（Recursive Feature Elimination CV, REFCV）特征选择算法挖掘双向流中最优的11个特征集合作为神经网络的输入，建立基于BiLSTM神经网络模型的LDDoS攻击检测分类器进行分类，达到LDDoS攻击检测的目的。实验结果表明该方法比卡尔曼滤波和NCAS算法有较高的检测率，误报率和漏报率都很低。

A Low-rate DDoS Attack Detection Method Based on BiLSTM

 Low-rate distributed denial of service (LDDoS) attack is a new type of DDoS attack. Because of its characteristics of low-rate, periodicity and concealment, it avoids the traditional detection technology of DDoS attack and is more difficult to be detected and defended. This paper proposes a LDDoS attack detection method based on feature selection and bidirectional long short term memory (BiLSTM) neural network. In this method, recursive feature elimination CV (REFCV) feature selection algorithm of layered cross validation is used to mine the optimal 11 feature sets in two-way flow as input to the neural network, and a LDDoS attack detection classifier based on BiLSTM neural network model is established for classification, which achieves the purpose of LDDoS attack detection. Experimental results show that this method has higher detection rate than Kalman filter and NCAS algorithm, and lower false positive rate and false negative rate.