An adaptive KPCA approach for detecting LDoS attack

SUMMARY: A low-rate denial-of-service (LDoS) attack sends attack packets over short periods of time at a low average traffic rate. It is stealthier than a traditional DoS attack, which makes LDoS detection extremely difficult. In this paper, an adaptive kernel principal component analysis (KPCA) method is proposed for LDoS attack detection. The network traffic flow is extracted through wavelet multi-scale analysis. The adaptive KPCA method then detects LDoS attacks through the squared prediction error statistics. Key parameters, such as the parameter of the radial basis function, the number of principal components, and the squared prediction error confidence limit, are adaptively trained with training data and updated with the network environment. Simulation is carried out in the NS-2 environment, and the results demonstrate the favorable LDoS attack detection efficiency of the proposed approach. Copyright © 2015 John Wiley & Sons, Ltd.
