LDDoS attack detection method based on wavelet decomposition and sliding windows

doi:10.19682/j.cnki.1005-8885.2020.0009

中国邮电高校学报(英文版) ›› 2020, Vol. 27 ›› Issue (1): 51-61.doi: 10.19682/j.cnki.1005-8885.2020.0009

LDDoS attack detection method based on wavelet decomposition and sliding windows

刘亮¹,²,冯文治²,吴志军³,岳猛¹,²

1.
2. 中国民航大学
3. 天津市津北公路2898号中国民航大学电子信息工程学院

收稿日期:2019-07-03 修回日期:2019-12-02 出版日期:2020-02-28 发布日期:2020-02-28
通讯作者: 刘亮 E-mail:liul@cauc.edu.cn

LDDoS attack detection method based on wavelet decomposition and sliding windows

Received:2019-07-03 Revised:2019-12-02 Online:2020-02-28 Published:2020-02-28
Contact: Liang LIU E-mail:liul@cauc.edu.cn

摘要/Abstract

摘要： As a special type of distributed denial of service (DDoS) attacks, the low-rate DDoS (LDDoS) attacks have characteristics of low average rate and strong concealment, thus, it is hard to detect such attacks by traditional approaches. Through signal analysis, a new identification approach based on wavelet decomposition and sliding detecting window is proposed. Wavelet decomposition extracted from the traffic are used for multifractal analysis of traffic over different time scale. The sliding window from flow control technology is designed to identify the normal and abnormal traffic in real-time. Experiment results show that the proposed approach has advantages on detection accuracy and timeliness.

关键词: low-rate distributed denial of service attacks, wavelet analysis, sliding windows, detection

Abstract: As a special type of distributed denial of service (DDoS) attacks, the low-rate DDoS (LDDoS) attacks have characteristics of low average rate and strong concealment, thus, it is hard to detect such attacks by traditional approaches. Through signal analysis, a new identification approach based on wavelet decomposition and sliding detecting window is proposed. Wavelet decomposition extracted from the traffic are used for multifractal analysis of traffic over different time scale. The sliding window from flow control technology is designed to identify the normal and abnormal traffic in real-time. Experiment results show that the proposed approach has advantages on detection accuracy and timeliness.

Key words: low-rate distributed denial of service attacks, wavelet analysis, sliding windows, detection

参考文献

[1] Barford P, Kline J, Plonka D, et al. A signal analysis of network traffic anomalies. Proceedings of ACM SIGCOMM Internet Measurement Workshop (IMW'02), Nov 6-8, 2002, Marseille, France, New York, NY, USA: ACM, 2002: 71-82 [2] Kuzmanovic A, Knightly E W. Low-rate TCP-targeted denial of service attacks (The shrew vs the mice and elephants). Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication (SIGCOMM’03), Aug 25-29, 2003, Karlsruhe, Germany. New York, NY, USA: ACM 2003: 25-29 [3] Chen Y, Hwang K. Collaborative detection and filtering of shrew DDoS attacks using spectral analysis. Journal of Parallel and Distributed Computing, 2006, 66(9): 1137-1151 [4] He Y X, Cao Q, Liu T, et al. A low-rate DoS detection method based on feature extraction using wavelet transform. Journal of Software, 2009, 20(4): 930-941 (in Chinese) [5] Wu Z J, Zhang L Y, Yue M. Low-rate DoS attacks detection based on network multifractal. IEEE Transactions on Dependable and Secure Computing, 2016, 13(5): 559-567 [6] Zhang C W, Yin J P, Cai Z P, at el. Active queue management algorithm to counter DDoS attacks. Journal of Software, 2011, 22(9): 2182-2192 (in Chinese) [7] Sun J, Zukerman M. An adaptive neuron AQM for a stable Internet. Ad Hoc and Sensor Networks, Wireless Networks, Next Generation Internet: Proceedings of the 6th International IFIP-TC6 Networking Conference (NETWORKING’07): May 14-18, 2007, Atlanta, GA, USA. LNCS 4479. Berlin, Germany: Springer, 2007: 844-854 [8] Sarat S, Terzis A. On the effect of router buffer sizes on low-rate denial of service attacks. Proceedings of the 14th International Conference on Computer Communications and Networks (ICCCN’05), Oct 17-19, 2005, San Diego, CA, USA. Piscataway, NJ, USA: IEEE, 2005: 281-286 [9] Mohan L, Bijesh M G, John J K. Survey of low rate denial of service (LDoS) attack on RED and its counter strategies. Proceedings of the 2012 IEEE International Conference on Computational Intelligence and Computing Research, Dec 18-20, 2012, Coimbatore, India. Piscataway, NJ, USA: IEEE, 2012: 7p [10] Luo J T, Yang X L, Wang J, et al. On a mathematical model for low-rate shrew DDoS. IEEE Transactions on Information Forensics and Security, 2014, 9 (7): 1069-1083 [11] Yue M, Liu L, Wu Z J, et al. Identifying LDoS attack traffic based on wavelet energy spectrum and combined neural network. International Journal of Communication Systems, 2018, 31: e3449/1-16 [12] Minhas K, Kaur A, Singh D. A study on high rate shrew DDoS attack. International Journal of Advancements in Computing Technology, 2015, 6(1): 17-20 [13] Cheng C M, Kung H, Tan K S. Use of spectral analysis in defense against DoS attacks. Proceedings of the 2002 Global Telecommunications Conference (GLOBECOM'02): Vol 3, Nov 17-21, 2002, Taipei, China. Piscataway, NJ, USA: IEEE, 2002: 2143-2148 [14] Wang J S, Xu Z G. Network traffic anomaly detection technology based on fractal theory. Science Technology and Engineering, 2018, 18(14): 48-53 (in Chinese) [15] Adat V, Gupta B B. A DDoS attack mitigation framework for internet of things. Proceedings of the 2017 International Conference on Communication and Signal Processing (ICCSP'17), Apr 6-8, 2017, Chennai, India. Piscataway, NJ, USA: IEEE, 2017: 2036-2041 [16] Wu Z J, Yue M. Detection of LDDoS attack based on Kalman filtering. Acta Electronica Sinica, 2008, 36 (8):1590-1594 (in Chinese) [17] Kang J, Yang M, Zhang J Y. Accurately identifying new QoS violation driven by high-distributed low-rate denial of service attacks based on multiple observed features. Journal of Sensors, 2015: ID 465402/1-11

LDDoS attack detection method based on wavelet decomposition and sliding windows

LDDoS attack detection method based on wavelet decomposition and sliding windows

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 0

编辑推荐

Metrics

本文评价