DDoS Attack Security Situation Assessment Model Using Fusion Feature Based on Fuzzy C-Means Clustering Algorithm

  • Ruizhi Zhang
  • Jieren Cheng
  • Xiangyan TangEmail author
  • Qiang Liu
  • Xiangfeng He
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11064)


DDoS attacks have impaired the network availability seriously in the new network environment and the traditional network situation assessment methods cannot effectively evaluate the DDoS attack security situation. In this paper, a DDoS attack security situation assessment model using fusion feature based on Fuzzy C-means (FCM) clustering algorithm has been proposed. This model generates a fusion feature according to network flow changes in IP address of old and new users, and calculates the risk index of each network node on the basis of fusion feature and obtains the security situation information of the whole network by fusing the risk indexes of all network nodes, and clusters the fusion situation information with FCM into five security levels, so as to quantitatively evaluate the DDoS attack security situation of the whole network through the proposed situation risk degree recognition model. Experiments on real DDoS data show that the proposed model can assess the DDoS attack security situation reasonably and effectively and be more flexible than non-fuzzy methods.


DDoS attack DDoS attack security situation assessment Fusion feature FCM 



We thank all the anonymous reviewers and editors who helped to improve the quality of the paper. This work was supported by the National Natural Science Foundation of China [61762033, 61363071, 61702539]; The National Natural Science Foundation of Hainan [617048, 20 18CXTD333]; Hainan University Doctor Start Fund Project [kyqd1328]; Hainan University Youth Fund Project [qnjj1444].


  1. 1.
    Endsley, M. R.: Situation awareness global assessment technique (SAGAT). In: National Aerospace and Electronics Conference, vol. 3, pp. 789–795 (1988)Google Scholar
  2. 2.
    Bass, T.: Multisensor data fusion for next generation distributed intrusion detection systems. In: 1999 IRIS National Symposium on Sensor & Data Fusion, Proceedings of the Iris National Symposium on Sensor and Data Fusion, Baltimore, pp. 24–27 (1999)Google Scholar
  3. 3.
    Li, C., Cao, M., Tian, L.: Situation assessment approach based on a hierarchic multi-timescale Bayesian network. In: 2nd International Conference on Information Science and Control Engineering, pp. 911–915. IEEE, Shanghai (2015)Google Scholar
  4. 4.
    Chundong, W., Li, Y., Chenyang, D.: Situation assessment of network security based on T-S fuzzy neural network. J. Comput. Inf. Syst. 11(16), 5999–6006 (2015)Google Scholar
  5. 5.
    Guang, K., Guangming, T., Ding, X., Wang, S., Wang, K.: A network security situation assessment method based on attack intention perception. In: 2nd IEEE International Conference on Computer and Communications, pp. 1138–1142. IEEE, Chengdu (2016)Google Scholar
  6. 6.
    Xiang, S., Lv, Y., Xia, C., Li, Y., Wang, Z.: A method of network security situation assessment based on hidden Markov model. In: Li, K., Li, J., Liu, Y., Castiglione, A. (eds.) ISICA 2015. CCIS, vol. 575, pp. 631–639. Springer, Singapore (2016). Scholar
  7. 7.
    Zhao, Z.N., Qiao, P.L., Wang, J., Hu, G.Y.: Security situation assessment of all-optical network based on evidential reasoning rule. Math. Probl. Eng. 2016(4), 1–7 (2016)Google Scholar
  8. 8.
    Wen, Z., Tang, J.: Quantitative assessment for network security situation based on weighted factors. J. Comput. Methods Sci. Eng. 16(4), 821–833 (2016)Google Scholar
  9. 9.
    Li, X., Zhao, H.: Network security situation assessment based on HMM-MPGA. In: 2nd International Conference on Information Management, pp. 57–63. IEEE, London (2016)Google Scholar
  10. 10.
    Jin, Y., Shen, Y., Zhang, G., Zhi, H.: The model of network security situation assessment based on random forest. In: 8th IEEE International Conference on Software Engineering and Service Sciences, pp. 977–980. IEEE, Beijing (2017)Google Scholar
  11. 11.
    Wang, X.: Network information security situation assessment based on Bayesian network. Int. J. Secur. Appl. 10(5), 129–138 (2016)Google Scholar
  12. 12.
    Zhu, L., Xia, G., Zhang, Z., Li, J.: Multi-dimensional network security situation assessment. Int. J. Secur. Appl. 10(11), 153–164 (2016)Google Scholar
  13. 13.
    Zihao, L., Bin, Z., Ning, Z., Lixun, L.: Hierarchical network threat situation assessment method for DDoS based on D-S evidence theory. In: 2017 IEEE International Conference on Intelligence and Security Informatics, pp. 49–53. IEEE, Beijing (2017)Google Scholar
  14. 14.
    Jianwei, T., et al.: Threat propagation based security situation quantitative assessment in multi-node network. Comput. Res. Dev. 54(4), 731–741 (2017)Google Scholar
  15. 15.
    Wang, H., et al.: Research on network security situation assessment and quantification method based on analytic hierarchy process. Wirel. Pers. Commun. 2018(1), 1–20 (2018)MathSciNetGoogle Scholar
  16. 16.
    Yu, J., Hu, M., Wang, P.: Evaluation and reliability analysis of network security risk factors based on D-S evidence theory. J. Intell. Fuzzy Syst. 34(2), 861–869 (2018)CrossRefGoogle Scholar
  17. 17.
    Xu, J., et al.: A quantitative risk assessment model involving frequency and threat degree under line-of-business services for infrastructure of emerging sensor networks. Sensors 17(3), 642 (2017)CrossRefGoogle Scholar
  18. 18.
    Xi, R., Yun, X., Hao, Z., Zhang, Y.: Quantitative threat situation assessment based on alert verification. Secur. Commun. Netw. 9(13), 2135–2142 (2016)Google Scholar
  19. 19.
    Dobrilovic, D., Stojanov, Z., Jager, S., Rajnai, Z.: A method for comparing and analyzing wireless security situations in two capital cities. Acta Polytech. Hung. 13(6), 67–86 (2016)Google Scholar
  20. 20.
    Dai, F., Hu, Y., Zheng, K., Wu, B.: Exploring risk flow attack graph for security risk assessment. IET Inf. Secur. 9(6), 344–353 (2015)CrossRefGoogle Scholar
  21. 21.
    Rodriguez, R.J., Merseguer, J., Bernardi, S.: Modelling security of critical infrastructures: a survivability assessment. Comput. J. 58(10), 2313–2327 (2015)CrossRefGoogle Scholar
  22. 22.
    Li, F., Nie, Y., Zhu, J., Zhang, H.: A decision-aided situation awareness mechanism based on multiscale dynamic trust. Int. J. Distrib. Sensor Netw. 2015, 1–14 (2015)Google Scholar
  23. 23.
    Dunn, J.C.: A fuzzy relative of the ISODATA process and its use in detecting compact well-separated clusters. J. Cybern. 3(3), 32–57 (1974)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Bezdek, J.C.: Pattern Recognition with Fuzzy Objective Function Algorithms, vol. 22, no. 1171, pp. 203–239. Plenum Press, New York (1981)Google Scholar
  25. 25.
    Son, L.H., Tien, N.D.: Tune up fuzzy C-means for big data: some novel hybrid clustering algorithms based on initial selection and incremental clustering. Int. J. Fuzzy Syst. 19(5), 1585–1602 (2017)MathSciNetCrossRefGoogle Scholar
  26. 26.
    Vo, N.P., Dat, N.D., Tran, V.T.N., Chau, V.T.N., Nguyen, T.A.: Fuzzy C-means for english sentiment classification in a distributed system. Appl. Intell. 46(3), 717–738 (2017)CrossRefGoogle Scholar
  27. 27.
    Wu, J., Wu, Z., Cao, J., Liu, H., Chen, G.: Fuzzy consensus clustering with applications on big data. IEEE Trans. Fuzzy Syst. 25(6), 1430–1445 (2017)CrossRefGoogle Scholar
  28. 28.
    Li, Y., Yang, G., He, H., Jiao, L., Shang, R.: A study of large-scale data clustering based on fuzzy clustering. Soft. Comput. 20(8), 3231–3242 (2016)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Ruizhi Zhang
    • 1
  • Jieren Cheng
    • 1
    • 2
  • Xiangyan Tang
    • 1
    Email author
  • Qiang Liu
    • 3
  • Xiangfeng He
    • 4
  1. 1.School of Information Science and TechnologyHainan UniversityHaikouChina
  2. 2.State Key Laboratory of Marine Resource Utilization in South China SeaHaikouChina
  3. 3.College of ComputerNational University of Defense TechnologyChangshaChina
  4. 4.Hainan Sub Center, National Computer Network Emergency Response Coordination CenterHaikouChina

Personalised recommendations