Detection of LDoS Attacks Based on Wavelet Energy Entropy and Hidden Semi-Markov Models

Cited by: 0
Authors
Wu Z.-J. [1]
Li H.-J. [1]
Liu L. [1]
Zhang J.-A. [1]
Yue M. [1]
Lei J. [1]
Affiliation
[1] College of Electronic Information and Automation, Civil Aviation University of China, Tianjin
Source
Ruan Jian Xue Bao/Journal of Software | 2020 / Vol. 31 / No. 05
Funding
National Natural Science Foundation of China;
Keywords
Anomaly detection; Hidden semi-Markov model; Low-rate denial of service; Network measurement; Wavelet analysis;
DOI
10.13328/j.cnki.jos.005658
Abstract
Low-rate denial of service (LDoS) attacks can cause packet loss for legitimate users and reduce the transmission performance of the transport system by periodically sending short bursts of packets. LDoS attack flows always mix with legitimate traffic and are therefore hard to detect. This study designs an LDoS attack classifier based on a network model, which uses a hidden semi-Markov model (HSMM), and deploys a decision indicator to detect LDoS attacks. In this method, the wavelet transform is used to compute the wavelet energy spectrum entropy of the network traffic, which serves as the input to the HSMM. The proposed detection method has been evaluated in NS-2 and on a test-bed, and experimental results show that it achieves better performance, with a detection rate of 96.81%. © Copyright 2020, Institute of Software, the Chinese Academy of Sciences. All rights reserved.
Pages: 1549-1562
Page count: 13