In frequency domain,the power spectrum of Low-rate denial of service(LDoS) attacks is totally spread into the spectrum of normal traffic.It is a challenging task to detect and filter LDoS attack flows from the normal ...In frequency domain,the power spectrum of Low-rate denial of service(LDoS) attacks is totally spread into the spectrum of normal traffic.It is a challenging task to detect and filter LDoS attack flows from the normal traffic.Based on the analysis of LDoS attack flows and legitimate TCP traffic in time and frequency domains,the periodicity of the TCP traffic and LDoS attack flows is explored to facilitate the research of network traffic processing.Hence,an approach of LDoS attack flow filtering based on frequency spectrum analysis is proposed.In this approach,the TCP traffic and LDoS attack flows are transformed from the time domain into the frequency domain.Then the round-trip time(RTT) is estimated by using frequency domain search method.Analysis of amplitude spectrum shows that TCP traffic energy is mainly concentrated on the points of n/RTT.Therefore,a comb filter using infinite impulse response(IIR) filter is designed to filter out the LDoS attack flows in frequency domain,while most legitimate TCP traffic energy at the points of n/RTT are pass through.Experimental results show that the maximum pass rate for legitimate TCP traffic reaches 92.55%,while the maximum filtration rate of LDoS attack flows reaches 81.36%.The proposed approach can effectively filter the LDoS attack flows while less impact on the legitimate TCP traffic.展开更多
基金supported in part by the National Natural Science Foundation under grant No.U1533107the Major Program of Natural Science Foundation of Tianjin under grant No.17JCZDJC30900+1 种基金the Fundamental Research Funds for the Central Universities of CAUC under grant No.3122016D003the graduate program of curriculum development project of Civil Aviation University of China(2050070515)
文摘In frequency domain,the power spectrum of Low-rate denial of service(LDoS) attacks is totally spread into the spectrum of normal traffic.It is a challenging task to detect and filter LDoS attack flows from the normal traffic.Based on the analysis of LDoS attack flows and legitimate TCP traffic in time and frequency domains,the periodicity of the TCP traffic and LDoS attack flows is explored to facilitate the research of network traffic processing.Hence,an approach of LDoS attack flow filtering based on frequency spectrum analysis is proposed.In this approach,the TCP traffic and LDoS attack flows are transformed from the time domain into the frequency domain.Then the round-trip time(RTT) is estimated by using frequency domain search method.Analysis of amplitude spectrum shows that TCP traffic energy is mainly concentrated on the points of n/RTT.Therefore,a comb filter using infinite impulse response(IIR) filter is designed to filter out the LDoS attack flows in frequency domain,while most legitimate TCP traffic energy at the points of n/RTT are pass through.Experimental results show that the maximum pass rate for legitimate TCP traffic reaches 92.55%,while the maximum filtration rate of LDoS attack flows reaches 81.36%.The proposed approach can effectively filter the LDoS attack flows while less impact on the legitimate TCP traffic.
