Abstract: The low-rate denial of service (LDoS) attack has been increasingly applied to networks in recent years as a means of attack. Unlike traditional flooding-type DoS attacks, it exploits loopholes in the adaptive mechanisms of network end systems or of the network itself, using low-rate periodic attack flows to attack with high efficiency while the intruder goes undetected, resulting in loss of user data or computer deadlock. Since their appearance, LDoS attacks have received extensive attention from researchers, and the analysis of attack signatures and of detection and prevention methods has become an important research topic in network security. The LDoS attacks proposed so far are classified, described, and modeled, and then verified experimentally on the NS-2 platform. Finally, the difficulties of detecting and preventing LDoS attacks are discussed and summarized to provide a reference for future research on detection methods for such attacks.
Funding: Supported in part by the National Natural Science Foundation under grant No. U1533107; the Major Program of Natural Science Foundation of Tianjin under grant No. 17JCZDJC30900; the Fundamental Research Funds for the Central Universities of CAUC under grant No. 3122016D003; the graduate program of curriculum development project of Civil Aviation University of China (2050070515).
Abstract: In the frequency domain, the power spectrum of low-rate denial of service (LDoS) attacks is totally spread into the spectrum of normal traffic. It is a challenging task to detect and filter LDoS attack flows from the normal traffic. Based on the analysis of LDoS attack flows and legitimate TCP traffic in the time and frequency domains, the periodicity of the TCP traffic and LDoS attack flows is explored to facilitate the research of network traffic processing. Hence, an approach to LDoS attack flow filtering based on frequency spectrum analysis is proposed. In this approach, the TCP traffic and LDoS attack flows are transformed from the time domain into the frequency domain. Then the round-trip time (RTT) is estimated by using a frequency domain search method. Analysis of the amplitude spectrum shows that TCP traffic energy is mainly concentrated at the points n/RTT. Therefore, a comb filter using an infinite impulse response (IIR) filter is designed to filter out the LDoS attack flows in the frequency domain, while most legitimate TCP traffic energy at the points n/RTT passes through. Experimental results show that the maximum pass rate for legitimate TCP traffic reaches 92.55%, while the maximum filtration rate of LDoS attack flows reaches 81.36%. The proposed approach can effectively filter the LDoS attack flows with less impact on the legitimate TCP traffic.
Funding: The National Natural Science Foundation of China-Civil Aviation joint fund (U1933108); the Fundamental Research Funds for the Central Universities of China (3122019051).
Abstract: As a new type of Denial of Service (DoS) attack, Low-rate Denial of Service (LDoS) attacks make the traditional methods of detecting Distributed Denial of Service (DDoS) attacks useless due to their characteristics of a low average rate and concealment. With features extracted from the network traffic, a new detection approach based on multi-feature fusion is proposed to solve the problem in this paper. An attack feature set containing the Acknowledge character (ACK) sequence number, the packet size, and the queue length is used to classify normal and LDoS attack traffic. Each feature is digitalized and preprocessed to fit the input of the K-Nearest Neighbor (KNN) classifier separately, and to obtain the decision contour matrix. Then the posterior probabilities in the matrix are fused, and the fusion decision index D is used as the basis for detecting the LDoS attacks. Experiments proved that the detection rate of the multi-feature fusion algorithm is higher than those of the single-feature detection method and other algorithms.
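Abstract: Low-rate denial-of-service (LDoS) attacks are stealthier and more deceptive than traditional DDoS (distributed DoS) attacks. Based on their periodic pulse-burst characteristics, an LDoS detection system based on wavelet feature extraction, DSBWA (detection system based on wavelet analysis), is designed and implemented. The system takes the number of packets arriving at the detection node as its object of study, extracts five feature indices through wavelet multi-scale analysis combined with the attack patterns of LDoS, and on this basis uses a BP neural network for comprehensive diagnosis. Once an LDoS attack is detected, the system locates the arrival times of the attack pulse data to obtain information about the attacker. NS-2 simulation results show that DSBWA has a high detection rate and a low false alarm rate, can detect LDoS variant attacks, consumes few computing resources, and has good practical value.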
Funding: Supported by the Joint Funds of National Natural Science Foundation of China and Civil Aviation Administration of China (U1933108); the National Science Foundation for Young Scientists of China (61601467); the Key Program of Natural Science Foundation of Tianjin (17JCZDJC30900); the Fundamental Research Funds for the Central Universities of China (3122019051).
Abstract: As a special type of distributed denial of service (DDoS) attack, low-rate DDoS (LDDoS) attacks have the characteristics of a low average rate and strong concealment; thus, it is hard to detect such attacks by traditional approaches. Through signal analysis, a new identification approach based on wavelet decomposition and a sliding detection window is proposed. Wavelet decomposition extracted from the traffic is used for multifractal analysis of traffic over different time scales. The sliding window from flow control technology is designed to identify normal and abnormal traffic in real time. Experimental results show that the proposed approach has advantages in detection accuracy and timeliness.