Based fuzzy pattern recognition methodology for the DDos evaluation

Journal of Chemical and Pharmaceutical Research, 2014, 6(2):250-255

Research Article

_{CODEN(USA) : JCPRC5}

ISSN : 0975-7384

Based fuzzy pattern recognition methodology for the DDos evaluation

Weidong Ji, Jianhua Wang, Jun Zhang and Dan Gao

Department of Computer Science and Information Engineering, Harbin Normal University, China _____________________________________________________________________________________________

ABSTRACT

The evaluation of DDos based on ERS is a process that recognizes the level type of a sample by comparing it with the standard values from the data in the ERS index. However, it is difficult to find the same value as those standard values in practice. As the above mentioned procedure is a typical fuzzy pattern recognition problem, a fuzzy pattern recognition methodology is proposed to solve it. The standard value matrix of factors is constructed on the basis of the data in the ERS index and then converted into the membership degree matrix. A new fuzzy pattern recognition model is developed to provide the evaluation levels of samples, which are expressed by linguistic variables.

Key words: fuzzy pattern recognition; DDos; evaluation

_____________________________________________________________________________________________

INTRODUCTION

Distributed denial of service attack (the distributed denial-of-service attack, referred to as DDoS) is one of the most important threat of Internet [1]. DDoS attack is which the attacker through the puppet master, computing resource consumption attacks, prevents the goal to provide services to legitimate users [2]. A large number of operating systems that could allow an attacker to control a large number of zombie hosts to build large-scale botnets. Network continues to expand, so increasing the size of the botnet [3]. A number of attack tools which reduces the attack technological barriers greatly reduce the technical difficulty of the attack. Because of its great harm, simple and easy to achieve, the detection of DDOS is particularly important [4-5]. At present, around the world, the detection and defense of DDos has a deep research. People have put forward a variety of different detection methods based on feature detection and achieved good results [6-7].

In this paper, I proposed the detection model called the ERS, which is a process for recognizing the level type of a sample when compared with the standard values of the ERS index based on the experiential data. However, since the values from a sample differ from standard values, this procedure is typically a fuzzy pattern recognition problem. The ERS index uses a linear model to compute the value of the final vulnerability index. Therefore, we can use a fuzzy pattern recognition model to evaluate the DDos based on the DRASTIC index. However, the model is virtually a two-level optimization model, in which the standard rating of each range from the ERS index is not used in the process of evaluation, i.e. some information for evaluation is abandoned.

The aim is to develop a fuzzy pattern recognition model to utilize the standard values of each level in the process of evaluation. An evaluation result is described by a rank feature value, which is related to a linguistic variable set. This benefits the generalization of the new methodology.

THE MEMBERSHIP DEGREE MATRIX OF STANDARD VALUES

[image:2.595.222.393.135.169.2]

The most significant factors have a weight of 5; the least significant a weight of 1 (see the non-normalized weights in Table 1). The factor weights form the basis of the ***index; they must remain constant as any changes will make the index invalid.

Table 1.Weights of the three factors in ERS index

Factor E R S

Weight Non-Normalize Normalize 3 0.33 3 0.33 3 0.33

In the ERS index, each factor has been divided into ranges, which are assigned a rating from 1 to 6. As for each factor, the total of the ranges may be different, so this results in difficulty in constructing the standard value matrix, which is the basis of pattern recognition. Therefore, standard values of 6 levels with regard to each factor are proposed on the basis of the data in the ERS index. Correspondingly, the DDOS is expressed by a linguistic variable set with 6 linguistic variables, as shown in Table 2.

Table 2.Standard values of 6 levels for three factors

Factor Level 1 Level 2 Level 3 Level 4 Level 5 Level 6 E R S 0.01 0.01 0.01 0.206 0.206 0.206 0.402 0.402 0.402 0.598 0.598 0.598 0.794 0.794 0.794 0.99 0.99 0.99

Table 3.The relationship between linguistic variables and evaluation levels

Level 1 2

3 4 5 6

Linguistic variable

Least Probable to be

attracted

Slightly Probable to be

attracted

Probable to be attracted

Fairly Probable to be

attracted

Very Probable to be

attracted

Most Probable to be attracted

DDos may be evaluated by the standard values of 6 levels with regard to the three ERS factors. According to Table 2, the standard value matrix of the factors is as follows:

0.01, 0.206, 0.402, 0.598, 0.794, 0.99

0.01, 0.206, 0.402, 0.598, 0.794, 0.99

0.01, 0.206, 0.402, 0.598, 0.794, 0.99

s









= 











(1)

Where

y

_{i h.} is the standard value of level

h

with regard to factor

i

;

i

=

1, 2, 3

and

h

=

1, 2,..., 6

.

As seen in Table 2, the seven factors can be sorted into two types, according to the behavior of the level h: the bigger the standard value

y

i h. _{, the lower the level h (for factors E,R,S); The membership degree of the sixth level standard} value with regard to the fuzzy concept “Most probable to be attracted” is assumed to be 1, and the membership degree of the first level standard value is assumed to be 0. As for the other levels, their membership degrees vary from 0 to 1. The membership degree,

s

_{i j,} of

y

_{i h.} with regard to “Most probable to be attracted” is computed by:

, ,1

, , ,1 ,6 ,1 ,1 , ,6

, ,6

0

(

) / (

)

1 y

i h i

i j i h i i i i i h i

i h i

y

y

s

y

y

y

y

y

y

y

y

=





=

_

−

−

<

<



₌



(2)

where

y

_i,1and

y

_i,6are, respectively, the standard values of the first and sixth levels. By using equation (2), equation (1) can be converted into the membership degree matrix of standard values, i.e.:

[image:2.595.66.550.339.391.2]

which reflects the continuous transition of vulnerability and in which the vulnerability varies from 1 to 0. Matrix

S

is the standard to evaluate a sample, so it forms the basis of fuzzy pattern recognition.

MODEL DEVELOPMENT

Evaluation of DDos can be regarded as identification of the level to which a sample belongs according to the three factor values of the sample when compared with the standard values in Table 2. So it is actually a pattern recognition problem. Here a fuzzy pattern recognition model is proposed to solve the problem. Assuming the factor values of samples form the following factor value matrix:

, 3

(

i j

)

n

X

=

x

× (4)

where

x

_{i j,} is the value of sample

j

with regard to factor

i

;

i

=

1, 2, 3

;

j

=

1, 2,...,

n

and

n

is the total number of samples to be evaluated. The membership degree can be calculated by:

, ,1

, , ,1 ,6 ,1 ,1 , ,6

, ,6

0

(

) / (

)

1 y

i h i

i j i h i i i i i h i

i h i

y

y

r

x

y

y

y

y

y

y

y

=





=

_

−

−

<

<



₌



(5)

By using equations (5) equation (4) can be transformed into a membership degree matrix of factors:

, 3

(

_{i j}

)

_n

R

=

r

× (6)

In the above matrix, a column vector, i.e. the membership degree of three factors with regard to sample

j

, is obtained as:

1, 2, , 3,

(

,

)

T

j j j j

r

=

r

r r

(7)

Assuming the membership degree matrix of each sample

j

belonging to each level is as follows:

, 6

(

_{i j}

)

_n

U

=

u

× (8)

where

u

_{i j,} is the membership degree of sample

j

belonging to level

h

;

j

=

1, 2,...,

n

and

h

=

1, 2,..., 6

According to fuzzy sets theory, matrix

U

is subject to the following constraint:

6

, 1

1

i j h

u

=

=

∑

(9)

Each factor is of different importance in relation to vulnerability, hence different weights are attributed to different factors, which are usually normalized to sum to one in the evaluation process (Table 1). The weight vector is denoted by:

1 2, 3

(

,

)

T

w

=

w w w

(10)

The distance of sample

j

to level

h

can be described as:

}

1 3

, ,

1

(

)

p p hj i i j i h

i

d

w r

s

=



_

_

=

_

_

−

_



∑

(11)

}

1 3 , , , , 1

(

)

p p hj h j hj h j i i j i h

i

D

u d

u

w r

s

=



_

_

=

=

_

_

−

_



∑

(12)

In order to solve

u

_{h j,} the following objective function is established:

3 2 ,

1

min

(

_{h j}

)

_hj

h

F u

D

=



₌









∑



(13)

Through equations (9) and (13), the following Lagrange function can be derived:

3 3

2 2

, , ,

1 1

(

_{h j}

,

_j

)

_{h j hj j h j}

1

h h

L u

λ

u

d

λ

u

= =





=

−

_

−

_





∑

∑

(14)

where

λ

_j is a Lagrange multiplier. Setting the partial derivatives of the Lagrange function with respect to each

u

_{h j,} and

λ

_jequal to zero, respectively, i.e.:

, , ,

(

h j

,

j

) /

h j

0

(

h j

,

j

) /

j

0

L u

λ

u

L u

λ

λ

∂

∂

=

∂

∂ =

(15)

it follows that the formula for calculating the membership degree of sample

j

belonging to level

h

is: 1 3 2 2 , 1

0

h j hj kj hj

k

u

d

d

d

− − =





=

_

_

≠



∑



(16)

When

d

_hji.e.

r

_{i j,}

=

s

_{i h,} it means that sample

j

completely belongs to level

h

, so

u

_{h j,}

=

1

.

Equation (16) is actually a 6-level fuzzy pattern recognition model, where

h

=

1, 2,..., 6

Next the model has to be transformed into a fuzzy optimization model,. If

h

=

5, 6

according to equation (2), one obtains:

,6 ,5 ,5 ,5

,6 ,5

,6 ,5 ,6 ,5

1

0

i i i i

i i

i i i i

y

y

y

y

s

s

y

y

y

y

−

−

=

=

=

=

−

−

(17)

Substituting equation (17) into equations (11) and (16), the membership degree of sample

j

belonging to level 6 (which represents the fuzzy concept “Most probable to be attracted”) is:

6, 2 3 , 1 3 , 1

1

(

1)

1

(

)

j p p i i j i

p i i j i

u

w r

w r

= =

=



_

₋

_















+ 















∑

∑

(18)

According to equation (16), the membership degree matrix of each sample belonging to each level is as follows:

* * *

1,1 1,2 1,

* * * * *

2,1 2,2 2, , 3

* * *

3,1 3,2 3,

...

...

(

)

...

n

n h j n

n

u u

u

U

u u

u

u

u

u

u

×









=





=













(19)

Where

h

=

1, 2, 3

, and

j

=

1, 2,...,

n

. However, the evaluation level of a sample cannot be determined directly in the matrix, so the rank feature value is defined to solve the problem. The column vector:

* * * *

1, 2, 6,

(

,...,

)

T

j j j j

u

=

u u

u

(20)

expresses the distribution of the membership degree of sample

j

on the axis of level variable

h

. It is similar to the distribution of a unit mass on axis in mechanics. Let

3

* *

, 1

(1, 2, ,...6)

j j h j

h

H

u

u h

=

=

=

∑

(21)

Which represents the center of the shape encircled by level variable

h

and

u

_{h j,} on the

h

~

u

h j_, coordinate plane.

Therefore

H

_j is called the rank feature value and can be considered as an index of sample

j

. The rank feature value describes the evaluation level of a sample when compared with the standard values in Table 2. According to Table 3, the bigger the rank feature value, the more probable the sample is to be attracted. In this way, the evaluation level of a sample can be identified by a rank feature value that is a continuous value in the range of 1–6, and then be expressed by linguistic variables as shown in Table 3.

The evaluation process using the above model is easily programmed, so that individuals without geological or hydrogenological expertise can effectively use the methodology to calculate the evaluation results, which are expressed through linguistic variables in place of numbers, and are easy to understand and use in practice.

CONCLUSION

The evaluation of DDos is a process for recognizing the level type of a sample when compared with the standard values in Table 2, i.e. typically a fuzzy pattern recognition problem. The membership degree matrix of standard values has been constructed to reflect possibility to be attracted. Hereby, a 6-level fuzzy pattern recognition model was developed to evaluate the possibility, 6 linguistic variables utilized to interpret the evaluation results instead of using numbers, which makes the results easy to understand.

Acknowledgments

It is supported by Youth project of National Natural Science fund (41071262), Key Laboratory of intelligent education and information engineering project in Heilongjiang province, Heilongjiang province key discipline of computer application technology (081203), Harbin Normal University Doctor Scientific Research Foundation.

REFERENCES

[1]ZHANG Yong-Zheng, XIAO Jun, YUN Xiao-Chun, WANG Feng-Yu. Journal of Software, Vol.23 (8), pp.2058-2072, 2012.08.

[2]ZHANG Yong-Zheng, XIAO Jun, YUN Xiao-Chun, WANG Feng-Yu. Chinese Journal Of Computer, Vol.33 (9), pp.1713-1724, 2010.09.

[3]SUN Zhi-Xin, LI Qing-Dong. Journal of Software. Vol. 18(10), pp.2613-2623, 2007.10.

[4]Zhuang X, Lu K, Wang L, Lu J, Li O. Computer Engineering. Vol. 30(22), pp.127-129, 2004.11.

[5]Sekar V, Duffield N, Merwe JVD, Zhang H. In: Proc. of the USENIX Annual Technical Conf. Santa Clara,p. 171-184,2006.