Research Article
A SYN Flood Attack Detection Method Based on Hierarchical Multihead Self-Attention Mechanism
(1) | Start | (2) | Input: Training dataset , epochs K, timesteps | (3) | Output: The classification category y | (4) | Data preprocessing: Missing value filling, numerical conversion, normalizaiton | (5) | For k = 1: K do | (6) | //Learning byte data feature information through Bi-GRU | (7) | Calculate | (8) | //Byte data weight distribution obtained by Multihead Self-Attention mechanism | (9) | | (10) | Calculate , , | (11) | //Update each byte feature representation to get the data flow vector | (12) | | (13) | The current data flow is merged with the history data , where the length of history data is determined by | (14) | //Learning data flow feature information through Bi-GRU | (15) | Calculate | (16) | //Calculation of data flow weight distribution by Multihead Self-Attention | (17) | Calculate , , | (18) | //Calculate the weighted sum | (19) | | (20) | Train the model | (21) | The output of the model is obtained | (22) | if > 0.5 then | (23) | = 1 //SYN Flood attack | (24) | else | (25) | = 0 //benign data | (26) | end if | (27) | end for | (28) | return | (29) | END |
|