Multi-scale Low-Rate DDoS Attack Detection Using the Generalized Total Variation Metric

We propose a mechanism to detect multi-scale low-rate DDoS attacks that uses a generalized total variation metric. The proposed metric is highly sensitive to variations in network traffic and evokes a larger distance between legitimate and attack traffic than other detection mechanisms. Most low-rate attackers invade the security system by scaling periodic packet bursts in and out towards the bottleneck router, which severely degrades the Quality of Service (QoS) of TCP applications. Our proposed mechanism can effectively identify attack traffic of this nature, despite its similarity to legitimate traffic, based on the spacing value of our metric. We evaluated our mechanism using datasets from CAIDA DDoS, MIT Lincoln Lab, and real-time testbed traffic. Our results demonstrate that our mechanism exhibits good accuracy and scalability in the detection of multi-scale low-rate DDoS attacks.
