Next Article in Journal
Using Two Meaningful Shadows to Share Secret Messages with Reversibility
Previous Article in Journal
Some Exact Solutions and Conservation Laws of the Coupled Time-Fractional Boussinesq-Burgers System
Previous Article in Special Issue
Developing Secure IoT Services: A Security-Oriented Review of IoT Platforms
Article Menu
Issue 1 (January) cover image

Export Article

Open AccessArticle
Symmetry 2019, 11(1), 78;

A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

School of Information Science and Technology, Hainan University, Haikou 570228, China
State Key Laboratory of Marine Resource Utilization in South China Sea, Haikou 570228, China
Rossier School, University of Southern California, California, CA 90089, USA
Zhejiang Science and Technology Information Institute, Hangzhou 310006, China
Author to whom correspondence should be addressed.
Received: 23 November 2018 / Revised: 26 December 2018 / Accepted: 27 December 2018 / Published: 11 January 2019
Full-Text   |   PDF [5500 KB, uploaded 11 January 2019]   |  


Distributed Denial of Service (DDoS) has developed multiple variants, one of which is Distributed Reflective Denial of Service (DRDoS). With the increasing number of Internet of Things (IoT) devices, the threat of DRDoS attack is growing, and the damage of a DRDoS attack is more destructive than other types. The existing DDoS detection methods cannot be generalized in DRDoS early detection, which leads to heavy load or degradation of service when deployed at the final point. In this paper, we propose a DRDoS detection and defense method based on deep forest model (DDDF), and then we integrate differentiated service into defense model to filter out DRDoS attack flow. Firstly, from the statistics perspective on different stages of DRDoS attack flow in the big data environment, we extract a host-based DRDoS threat index (HDTI) from the network flows. Secondly, using the HDTI feature we build a DRDoS detection and defense model based on the deep forest, which consists of 1 extreme gradient boost (XGBoost) forest estimator, 2 random forest estimators, and 2 extra random forest estimators in each layer. Lastly, the differentiated service procedure applies the detection result from DDDF to drop the traffic identified in different stages and different detection points. Theoretical analysis and experiments show that the method we proposed can effectively identify DRDoS attack with higher detection rate and a lower false alarm rate, the defense model also shows distinguishing ability to effectively eliminate the DRDoS attack flows, and dramatically mitigate the damage of a DRDoS attack. View Full-Text
Keywords: DRDoS; deep forest; IoT; big data; differentiated service DRDoS; deep forest; IoT; big data; differentiated service

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

Share & Cite This Article

MDPI and ACS Style

Xu, R.; Cheng, J.; Wang, F.; Tang, X.; Xu, J. A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment. Symmetry 2019, 11, 78.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics



[Return to top]
Symmetry EISSN 2073-8994 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top