Research Article
A SYN Flood Attack Detection Method Based on Hierarchical Multihead Self-Attention Mechanism
| (1) | Start | | (2) | Input: Training dataset , epochs K, timesteps | | (3) | Output: The classification category y | | (4) | Data preprocessing: Missing value filling, numerical conversion, normalizaiton | | (5) | For k = 1: K do | | (6) | //Learning byte data feature information through Bi-GRU | | (7) | Calculate | | (8) | //Byte data weight distribution obtained by Multihead Self-Attention mechanism | | (9) | | | (10) | Calculate , , | | (11) | //Update each byte feature representation to get the data flow vector | | (12) | | | (13) | The current data flow is merged with the history data , where the length of history data is determined by | | (14) | //Learning data flow feature information through Bi-GRU | | (15) | Calculate | | (16) | //Calculation of data flow weight distribution by Multihead Self-Attention | | (17) | Calculate , , | | (18) | //Calculate the weighted sum | | (19) | | | (20) | Train the model | | (21) | The output of the model is obtained | | (22) | if > 0.5 then | | (23) | = 1 //SYN Flood attack | | (24) | else | | (25) | = 0 //benign data | | (26) | end if | | (27) | end for | | (28) | return | | (29) | END |
|
