The use of statistical features for low-rate denial-of-service attack detection

Low-rate denial-of-service (LDoS) attacks can significantly reduce network performance. These attacks involve sending periodic high-intensity pulse data flows, sharing similar harmful effects with traditional DoS attacks. However, LDoS attacks have different attack modes, making detection particularly challenging. The high level of concealment associated with LDoS attacks makes them extremely difficult to identify using traditional DoS detection methods. In this paper, we explore the potential of using statistical features for LDoS attack detection. Our results demonstrate the promising performance of statistical features in detecting these attacks. Furthermore, through ANOVA, mutual information, RFE, and SHAP analysis, we find that entropy and L-moment-based features play a crucial role in LDoS attack detection. These findings provide valuable insights into utilizing statistical features enhancing network security, thereby improving the overall resilience and stability of networks against various types of attacks.