基于联合特征的LDoS攻击检测方法

doi:10.11959/j.issn.1000-436x.2017075

Abstract

Abstract:

LDoS (low-rate denial of service) attack is a kind of RoQ (reduction of quality) attack which has the characteristics of low average rate and strong concealment.These characteristics pose great threats to the security of cloud computing platform and big data center.Based on network traffic analysis,three intrinsic characteristics of LDoS attack flow were extracted to be a set of input to BP neural network,which is a classifier for LDoS attack detection.Hence,an approach of detecting LDoS attacks was proposed based on novel combined feature value.The proposed approach can speedily and accurately model the LDoS attack flows by the efficient self-organizing learning process of BP neural network,in which a proper decision-making indicator is set to detect LDoS attack in accuracy at the end of output.The proposed detection approach was tested in NS2 platform and verified in test-bed network environment by using the Linux TCP-kernel source code,which is a widely accepted LDoS attack generation tool.The detection probability derived from hypothesis testing is 96.68%.Compared with available researches,analysis results show that the performance of combined features detection is better than that of single feature,and has high computational efficiency.

Key words: low-rate denial of service attack, united features, BP neural network, anomaly detection

CLC Number:

TP393.08

Zhi-jun WU,Jing-an ZHANG,Meng YUE,Cai-feng ZHANG. Approach of detecting low-rate DoS attack based on combined features[J]. Journal on Communications, 2017, 38(5): 19-30.

Figures/Tables 21

References 28

[1]	吴志军, 岳猛 . 基于信号处理的低速率拒绝服务攻击的检测技术[M]. 北京: 科学出版社, 2015.
	WU Z J , YUE M . Detection technology of LDoS attacks based on signal processing[M]. Beijing: Science PressPress, 2015.
[2]	MACIá-FERNáNDEZ G , DíAZ-VERDEJO J E , GARCíA-TEODORO P . Mathematical model for low-rate DoS attacks against application servers[J]. IEEE Transactions on Information Forensics and Security, 2009,4(3): 519-529.
[3]	TANG Y J , LUO X P , HUI Q ,et al. Modeling the vulnerability of feedback-control based internet services to low-rate DoS attacks[J]. IEEE Transactions on Information Forensics and Security, 2014,9(3): 339-353.
[4]	FICCO M , RAK M . Stealthy denial of service strategy in cloud computing[J]. IEEE Transactions on Cloud Computing, 2015,3(1): 80-94.
[5]	KUZMANOVIC A , KNIGHTLY E W . Low-rate TCP-targeted denial of service attacks- the Shrew vs.the Mice and Elephants[C]// ACM SIGCOMM 2003. Karlsruhe,Germany, 2003: 25-29.
[6]	KUZMANOVIC A , KNIGHTLY E W . Low-rate TCP-targeted denial of service attacks and counter strategies[J]. IEEE/ACM Transactions on Networking, 2006,14(4): 683-696.
[7]	何炎祥, 刘陶 . 降质服务攻击及其防范方法[M]. 北京: 机械工业出版社, 2011.
	HE Y X , LIU T . Reduction of quality attack and the defense methods[M]. Beijing: China Machine PressPress, 2011.
[8]	TANG Y , LUO X , HUI Q ,et al. Modeling the vulnerability of feedback-control based internet services to low-rate DoS attacks[J]. IEEE Transactions on Information Forensics and Security (TIFS), 2014,9(3): 339-353.
[9]	文坤, 杨家海, 张宾 . 低速率拒绝服务攻击研究与进展综述[J]. 软件学报, 2014,25(3): 591-605.
	WEN K , YANG J H , ZHANG B . Survey on research and progress of low-rate denial of service attacks[J]. Journal of Software, 2014,25(3): 591-605.
[10]	ZHU H L , YANG X , WU Q X ,et al. A novel distributed LDoS attack scheme against internet routing[J]. China Communications, 2014,113: 101-107.
[11]	LUO J T , YANG X L . The new shrew attack:a new type of low-rate TCP-targeted DoS attack[C]// International Conference on Communications,Sydney,Australia, 2014: 713-718.
[12]	LUO J T , YANG X L , WANG J ,et al. On a mathematical model for low-rate shrew DDoS[J]. IEEE Transactions on Information Forensics and Security (TIFS), 2014,9(7): 1069-1083.
[13]	张静, 胡华平, 刘波 ,等. 基于ASPQ的LDoS攻击检测方法[J]. 通信学报, 2012,33(5): 79-84.
	ZHANG J , HU H P , LIU B ,et al. Detecting LDoS attack based on ASPQ[J]. Journal on Communications, 2012,33(5): 79-84.
[14]	ZHANG C , YIN J , CAI Z ,et al. RRED:robust RED algorithm to counter low-rate denial-of-service attacks[J]. IEEE Communication Letter, 2010,415: 489-491.
[15]	马建红, 姬莉霞, 文坤 . Shrew 攻击对拥塞控制协议的影响及仿真分析[J]. 河南科技大学学报(自然科学版), 2013,34(4): 51-56.
	MA J H , JI L X , WEN K . Shrew attacks’ influence of congestion control protocol and simulation analysis[J]. Journal of Henan University of Science ＆ Technology (Natural Science), 2013,34(4): 51-56.
[16]	刘文胜, 周长胜 . 基于路由器 BGP 协议的低速率攻击与防御[J]. 北京信息科技大学学报, 2014,29(6): 90-94.
	LIU W S , ZHOU C S . Low-rate attack and defense based on BGP protocol router[J]. Journal of Beijing Information Science and Technology University, 2014,29(16): 90-94.
[17]	WEI W , CHEN F , XIA Y J ,et al. A rank correlation based detection against distributed reflection DoS attacks[J]. IEEE Communications Letters, 2013,17(1): 173-175.
[18]	CHEN Y , HUANG K , KWONG K Y . Collaborative defense against periodic shrew DDoS attacks in frequency domain[C]// ACM Transactions on Information and System Security. ACM:Los Angeles,California,USA, 2005: 2-27.
[19]	TANG D , CHEN K , CHEN X S ,et al. Adaptive EWMA method based on abnormal network traffic for LDoS attacks[J]. Mathematical Problems in Engineering, 2014(3): 166-183.
[20]	WU Z J , ZHANG L Y , YUE M . Low-rate dos attacks detection based on network multifractal[J]. IEEE Transactions on Dependable and Secure Computing, 2016,315: 559-567.
[21]	刘映 . 基于TCP流量统计特征的LDoS攻击检测方法研究[D]. 华中科技大学, 2015.
	LIU Y . Research on LDoS attacks detection method based on the statistical features of TCP traffic[D]. Huazhong University of Science and Technology, 2015.
[22]	KWOK Y K , TRIPATHI R , CHEN Y ,et al. HAWK:halting anomalies with weighted choking to rescue well-behaved TCP sessions from shrew DDoS attacks[C]// Networking and Mobile Computing,Third International Conference,ICCNMC 2005. 2005: 423-432.
[23]	张静, 胡华平, 刘波 ,等. 基于ASPQ的LDoS攻击检测方法[J]. 通信学报, 2012,33(5): 79-84.
	ZHANG J , HU H P , LIU B ,et al. Detecting LDoS attack based on ASPQ[J]. Journal on Communications, 2012,33(5): 79-84.
[24]	吴娜, 穆朝阳, 张良春 . 基于数据流势能特征的分布式拒绝服务隐蔽流量检测[J]. 计算机工程, 2015,42(3): 142-146.
	WU N , MU C Y , ZHANG L C . Distributed denial of service covert flow detection based on data stream potential energy feature[J]. Computer Engineering, 2015,42(3): 142-146.
[25]	李振军, 程杰仁 . 基于多特征分布式拒绝服务攻击的检测[J]. 信息网络安全, 2013(5): 25-28.
	LI Z J , CHENG J R . Detecting distributed denial of service attack based on multi-feature fusion[J]. Netinfo Security, 2013(5): 25-28.
[26]	HSIAO K J , XU K S , CALDER J ,et al. Multicriteria similarity-based anomaly detection using pareto depth analysis[J]. IEEE Transactions on Neural Networks and Learning Systems, 2016,27(6): 1307-1321.
[27]	徐琴珍, 杨绿溪 . 一种优化的神经网络树异常入侵检测方法[J]. 信号处理, 2010,26(11): 1663-1669.
	XU Q Z , YANG L X . An optimized neural network tree based anomaly intrusion detection method[J]. Journal of Signal Processing, 2010,26(11): 1663-1669.
[28]	吴志军, 岳猛 . 基于卡尔曼滤波的LDDoS攻击检测方法[J]. 电子学报, 2008,36(8): 1590-1594.
	WU Z J , YUE M . Detection of LDDoS attack based on Kalman filtering[J]. Acta Electronica Sinica, 2008,26(8): 1590-1594.

Metrics

Recommended 0

No Suggested Reading articles found!

D	检测率	漏警率	虚警率
0.1	100%	0%	6%
0.2	100%	0%	2%
0.3	100%	0%	2%
0.4	100%	0%	2%
0.5	100%	0%	2%
0.6	100%	0%	0%
0.7	96%	4%	0%
0.8	90%	10%	0%
0.9	86%	14%	0%

输入的训练特征	检测率	漏警率	虚警率
可用带宽百分比	90%	10%	2%
小分组比例	86%	14%	10%
分组丢失率	94%	6%	4%
可用带宽百分比+小分组比例	86%	14%	10%
可用带宽百分比+分组丢失率	96%	4%	0%
小分组比例+分组丢失率	88%	12%	6%
联合特征	100%	0%	0%

D	P_D	P_FN	P_FP
0.400 0	99.22%	0.78%	10.54%
0.511 5	96.68%	3.32%	3.89%
0.550 0	94.89%	5.11%	2.62%
0.600 0	91.52%	8.48%	1.50%
0.650 0	86.70%	13.30%	0.82%

方法	检测率	漏警率	虚警率
NCPSD	88.00%	12.00%	16.70%
卡尔曼滤波	89.60%	10.40%	12.60%
多重分形	91.00%	9.00%	10.00%
本文方法	96.68%	3.32%	3.89%

Approach of detecting low-rate DoS attack based on combined features

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 21

References 28

Related Articles 15

Metrics

Recommended 0

[1]	Weigang HUO, Rui LIANG, Yonghua LI. Anomaly detection model for multivariate time series based on stochastic Transformer [J]. Journal on Communications, 2023, 44(2): 94-103.
[2]	Jianxin LIAO, Xiaoyuan FU, Qi QI, Jingyu WANG, Haifeng SUN. 6G-ADM: knowledge based 6G network management and control architecture [J]. Journal on Communications, 2022, 43(6): 3-15.
[3]	Xueyuan DUAN, Yu FU, Kun WANG. Multi-dimensional time series anomaly detection method based on VAE-WGAN [J]. Journal on Communications, 2022, 43(3): 1-13.
[4]	Ping WU, Chaowen CHANG, Zhibin ZUO, Yingying MA. Address overloading-based packet forwarding verification in SDN [J]. Journal on Communications, 2022, 43(3): 88-100.
[5]	Haili SUN, Xiang LONG, Lansheng HAN, Yan HUANG, Qingbo LI. Overview of anomaly detection techniques for industrial Internet of things [J]. Journal on Communications, 2022, 43(3): 196-210.
[6]	Zhuo CHEN, Miao ZHU, Junwei DU. Multi-view graph neural network for fraud detection algorithm [J]. Journal on Communications, 2022, 43(11): 225-232.
[7]	Xueyuan DUAN, Yu FU, Kun WANG, Taotao LIU, Bin LI. Network traffic anomaly detection method based on multi-scale characteristic [J]. Journal on Communications, 2022, 43(10): 65-76.
[8]	Tieming CHEN,Chengqiang JIN,Mingqi LYU,Tiantian ZHU. Intelligent detection method on network malicious traffic based on sample enhancement [J]. Journal on Communications, 2020, 41(6): 128-138.
[9]	Qi QI,Runye SHEN,Jingyu WANG. GAD:topology-aware time series anomaly detection [J]. Journal on Communications, 2020, 41(6): 152-160.
[10]	Xiaohui YANG,Shengchang ZHANG. Anomaly detection model based on multi-grained cascade isolation forest algorithm [J]. Journal on Communications, 2019, 40(8): 133-142.
[11]	Zuan WANG,Youliang TIAN,Qiuxian LI,Xinhuan YANG. Proof of work algorithm based on credit model [J]. Journal on Communications, 2018, 39(8): 185-198.
[12]	Yihan YU,Yu FU,Xiaoping WU. Metric and classification model for privacy data based on Shannon information entropy and BP neural network [J]. Journal on Communications, 2018, 39(12): 10-17.
[13]	Yi-wei GAO,Rui-kang ZHOU,Ying-xu LAI,Ke-feng FAN,Xiang-zhen YAO,Lin LI. Research on industrial control system intrusion detection method based on simulation modelling [J]. Journal on Communications, 2017, 38(7): 186-198.
[14]	Ying-xu LAI,Zeng-hui LIU,Xiao-tian CAI,Kai-xiang YANG. Research on intrusion detection of industrial control system [J]. Journal on Communications, 2017, 38(2): 143-156.
[15]	Tai-ming ZHU,Yuan-bo GUO,An-kang JU,Jun MA. Business process mining based insider threat detection system [J]. Journal on Communications, 2016, 37(Z1): 180-188.