A New Collaborative Detection Method for LDoS Attacks

The Low-rate Denial of Service (LDoS) attacks reduce network services capabilities by periodically sending high intensity pulse data flows. For the hidden performance of LDoS attacks, it is more difficult for traditional DoS detection methods to detect. At the same time the accuracy of the current detection methods for the LDoS attacks is relatively low. However, when the LDoS attacks occur, the frequency distribution and the fluctuation pattern of the TCP traffic have a special change. As the fact that the LDoS attacks led to the abnormal frequency distribution and the abnormal fluctuation pattern of the TCP traffic, we propose a new collaborative detection method (NCDM) for LDoS attacks. In NCDM, the  Distance is used to measure the frequency distribution and the Mean Deviation is used to measure the fluctuation pattern, then judgment criteria are proposed to collaborative detect the LDoS attacks. Base on the NS2 simulator platform and DARPA99 datasets, the experiments show that this method can detect LDoS attacks effectively and has a low false-negative rate and false-positives rate

[1]  Weifeng Chen,et al.  Flow level detection and filtering of low-rate DDoS , 2012, Comput. Networks.

[2]  Qiang Liu,et al.  Enhanced detection and restoration of low-rate denial-of-service in wireless multi-hop networks , 2013, 2013 International Conference on Computing, Networking and Communications (ICNC).

[3]  Xiapu Luo,et al.  On a New Class of Pulsing Denial-of-Service Attacks and the Defense , 2005, NDSS.

[4]  Kai Hwang,et al.  HAWK: Halting Anomalies with Weighted Choking to Rescue Well-Behaved TCP Sessions from Shrew DDoS Attacks , 2005, ICCNMC.

[5]  David K. Y. Yau,et al.  Defending against low-rate TCP attacks: dynamic detection and protection , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[6]  Yuting Zhang,et al.  Reduction of quality (RoQ) attacks on Internet end-systems , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[7]  Xiapu Luo,et al.  Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks , 2006, 2006 IEEE/IFIP Network Operations and Management Symposium NOMS 2006.

[8]  Mina Guirguis,et al.  Exploiting the transients of adaptation for RoQ attacks on Internet resources , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[9]  Kai Chen,et al.  Detecting LDoS Attacks based on Abnormal Network Traffic , 2012, KSII Trans. Internet Inf. Syst..

[10]  Herbert A. Sturges,et al.  The Choice of a Class Interval , 1926 .