Abstract

Low-rate denial of service (LDoS) attacks intermittently send attack bursts into the network, which can severely degrade the victim system's Quality of Service (QoS). The low-rate nature of such attacks complicates their detection. LDoS attacks repeatedly trigger the congestion control mechanism, which can make TCP traffic extremely unstable. This paper investigates the characteristics of network traffic: variance and entropy are used to evaluate the characteristics of the TCP traffic, and the ratio of UDP traffic to TCP traffic (UTR) is also analyzed. On this basis, a detection method combining two-step cluster analysis and UTR analysis is proposed. Through two-step cluster analysis, a machine learning algorithm, network traffic is divided into multiple clusters, and the clusters subjected to LDoS attacks are then determined using UTR analysis. The NS2 simulation platform and a test-bed network environment are used to evaluate the performance of the detection approach. To better assess the effectiveness of the method, the public dataset WIDE is also used. The experimental results show good performance and demonstrate that the proposed detection approach can accurately detect LDoS attacks.
Tang et al. studied this question.
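The pipeline the abstract describes (per-window TCP variance and entropy, clustering, then UTR to decide which cluster is under attack) can be sketched as follows. This is an added example, not the paper's code: a deterministic 2-means stands in for two-step cluster analysis, and the bin count, UTR threshold and traffic samples are all constructed assumptions.

```python
import math
from statistics import mean, pvariance

def features(window, bins=8, cap=1200):
    # window: list of (tcp_bytes, udp_bytes) per sampling slot (assumed layout).
    tcp = [t for t, _ in window]
    udp = [u for _, u in window]
    counts = [0] * bins
    for t in tcp:
        counts[min(bins - 1, t * bins // cap)] += 1
    n = len(tcp)
    entropy = -sum(c / n * math.log2(c / n) for c in counts if c)
    utr = sum(udp) / max(1, sum(tcp))  # ratio of UDP traffic to TCP traffic
    return pvariance(tcp), entropy, utr

def two_means(points, rounds=10):
    # Simple 2-means on min-max scaled points; a stand-in, not two-step clustering.
    dims = list(zip(*points))
    lo = [min(d) for d in dims]
    span = [(max(d) - min(d)) or 1 for d in dims]
    scaled = [[(v - l) / s for v, l, s in zip(p, lo, span)] for p in points]
    centers = [min(scaled), max(scaled)]
    for _ in range(rounds):
        labels = [min((0, 1), key=lambda k: math.dist(p, centers[k])) for p in scaled]
        for k in (0, 1):
            members = [p for p, lab in zip(scaled, labels) if lab == k]
            if members:
                centers[k] = [mean(col) for col in zip(*members)]
    return labels

def detect(windows, utr_threshold=0.2):
    # Cluster on (variance, entropy); flag clusters whose mean UTR is high.
    feats = [features(w) for w in windows]
    labels = two_means([(v, e) for v, e, _ in feats])
    flagged = set()
    for k in (0, 1):
        utrs = [f[2] for f, lab in zip(feats, labels) if lab == k]
        if utrs and mean(utrs) > utr_threshold:
            flagged.add(k)
    return [lab in flagged for lab in labels]

# Constructed samples: steady TCP with light UDP, then TCP oscillating under UDP bursts.
NORMAL = [[(1000 + 10 * ((i + s) % 3), 40) for i in range(20)] for s in range(3)]
ATTACK = [[(150, 900) if (i + s) % 5 == 0 else (300 + 150 * ((i + s) % 5), 0)
           for i in range(20)] for s in range(2)]
WINDOWS = NORMAL + ATTACK

if __name__ == "__main__":
    print(detect(WINDOWS))
```

On real captures the UTR threshold and the entropy binning would have to be calibrated against baseline traffic, since both are assumptions here.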