基于ACK序号步长的LDoS攻击检测方法

doi:10.11959/j.issn.1000-436x.2018126

Abstract

Abstract:

Low-rate denial of service (LDoS) attack is a potential security threat to big data centers and cloud computing platforms because of its strong concealment.Based on the analysis of network traffic during the LDoS attack,statistical analysis was given of ACK packets returned by the data receiver to the sender,and result reveals the sequence number step had the characteristics of volatility during the LDoS attack.The permutation entropy method was adopted to extract the characteristics of volatility.Hence,an LDoS attack detection method based on ACK serial number step permutation entropy was proposed.The serial number was sampled and the step length was calculated through collecting the ACK packets that received at the end of sender.Then,the permutation entropy algorithm with strong time-sensitive was used to detect the mutation step time,and achieve the goal of detecting LDoS attack.A test-bed was designed and built in the actual network environment for the purpose of verifying the proposed approach performance.Experimental results show that the proposed approach has better detection performance and has achieved better detection effect.

Key words: low-rate denial of service, ACK serial number step-length, permutation entropy, detection

CLC Number:

TP302

Zhijun WU,Qingbo PAN,Meng YUE. Detection method of LDoS attack based on ACK serial number step-length[J]. Journal on Communications, 2018, 39(7): 139-147.

Figures/Tables 10

References 18

[1]	KUZMANOVIC A , KNIGHTLY E W . Low-rate TCP-targeted denial of service attacks and counter strategies[J]. IEEE/ACM Transactions on Networking, 2006,14(4): 683-696.
[2]	KUZMANOVIC A , KNIGHTLY E W.Low-rate TCP-targeted denial of service attacks:the shrew vs . the mice and elephants[C]// ACM SIGCOMM 2003 Conference on Applications,Technologies,Architectures,and Protocols for Computer Communication. 2003: 75-86.
[3]	文坤, 杨家海, 张宾 . 低速率拒绝服务攻击研究与进展综述[J]. 软件学报, 2014,25(3): 591-605.
	WEN K , YANG J H , ZHANG B . Survey on research and progress of low-rate denial of service attacks[J]. Journal of Software, 2014,25(3): 591-605.
[4]	何炎祥, 刘陶, 曹强 ,等. 低速率拒绝服务攻击研究综述[J]. 计算机科学与探索, 2008,2(1): 1-19.
	HE Y X , LIU T , CAO Q ,et al. A survey of low-rate denial-of-service attacks[J]. Journal of Frontiers of Computer Science and Technology, 2008,2(1): 1-19.
[5]	KWOK Y K , TRIPATHI R , CHEN Y ,et al. HAWK:halting anomalies with weighted choking to rescue well-behaved TCP sessions from shrew DDoS attacks[C]// International Conference on NETWORKING and Mobile Computing. 2005: 423-432.
[6]	XIANG Y , LI K , ZHOU W . Low-rate DDoS attacks detection and trace back by using new information metrics[J]. IEEE Transactions Information Forensics and Security, 2011,6(2): 426-437.
[7]	YUHEI H , JIA Y Z.SATOSHI N . Method for detecting low-rate attacks on basis of burst-state duration using quick packet-matching function[C]// IEEE International Symposium on Local and Metropolitan Area Networks. 2017: 1-2.
[8]	CHENG C M , KUNG H , TAN K S . Use of spectral analysis in defense against DoS attacks[C]// IEEE Global Telecommunications. 2002: 2143-2148.
[9]	何炎祥, 曹强, 刘陶 ,等. 一种基于小波特征提取的低速率DoS检测方法[J]. 软件学报, 2009,20(4): 930-941.
	HE Y X , CAO Q , LIU T ,et al. A low-rate Dos detection method based on feature extraction using wavelet transform[J]. Journal of Software, 2009,20(4): 930-941.
[10]	PAUL C , MYONG K , ALEXANDER V . Spectral analysis of low rate of denial of service attacks detection based on fisher and Siegel tests[C]// IEEE International Conference on Communications(ICC). 2016: 1-6.
[11]	WEI W , FENG C , XIA Y ,et al. A rank correlation based detection against distributed reflection DoS attacks[J]. IEEE Communications Letters, 2013,17(1): 173-175.
[12]	BHUYAN M H , KALWAR A , GOSWAMI A ,et al. Low-rate and high-rate distributed DoS attack detection using partial rank correlation[C]// Fifth International Conference on Communication Systems and Network Technologies. 2015: 706-710.
[13]	CHEN K , LIU H Y , CHEN X S . Detecting LDoS attacks based on abnormal network traffic[J]. KSII Transactions on Internet and Information Systems, 2012,6(7): 1831-1853.
[14]	FALL K R , RICHARD S W . TCP/IP详解卷1:协议[M]. 北京: 机械工业出版社, 2016.
	FALL K R , RICHARD S W . TCP/IP illustrated volume 1:the protocols[M]. Beijing: China Machine PressPress, 2016.
[15]	FENG F Z , RAO G Q , WEI S A . Application and development of permutation entropy algorithm[J]. Journal of Academy of Armored Force Engineering, 2012,26(2): 34-38.
[16]	饶国强, 冯辅周, 司爱威 . 排列熵算法参数的优化确定方法研究[J]. 振动与冲击, 2014,33(1): 188-193.
	RAO G Q , FENG F Z , SI A W . Method for optimal determination of parameters in permutation entropy algorithm[J]. Journal of Vibration and Shock, 2014,33(1): 188-193.
[17]	王海燕, 盛昭瀚 . 混沌时间序列相空间重构参数的选取方法[J]. 东南大学学报(自然科学版), 2000,30(5): 113-117.
	WANA H Y , CHENG Z H . Choice of the parameters for the phase space reconstruction of Chaotic time series[D]. Journal of Southeast University(Natural Science Edition), 2000,30(5): 113-117.
[18]	刘永斌 . 基于非线性信号分析的滚动轴承状态监测诊断研究[D]. 合肥:中国科学技术大学, 2011.
	LIU Y B . Nonlinear signal analysis for rolling bearing condition monitoring and fault diagnosis[D]. Hefei:University of Science and Technology, 2011.

Metrics

Recommended 0

No Suggested Reading articles found!

参数	取值
嵌入维数d	3
时延τ	2
子序列长度l	100

TCP流数	阈值	检测率	误报率	漏报率	预测攻击时刻误差/s
单条	0	100.0%	1.0%	0.0%	0.78
多条相同RTT	0.767 7	96.0%	3.0%	4.0%	1.25
多条不同RTT	0.775 9	98.0%	7.0%	2.0%	1.37

检测方法	报警率	虚警率	漏警率
NCPSD	88.0%	16.0%	12.0%
基于ACK异常流量	94.0%	2.0%	6.0%
本文检测方法	98.0%	7.0%	2.0%

Detection method of LDoS attack based on ACK serial number step-length

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 18

Related Articles 15

Metrics

Recommended 0

[1]	Yang GAO, Hongli ZHANG. Survey on community detection method based on random walk [J]. Journal on Communications, 2023, 44(6): 198-210.
[2]	Jinzhi ZHENG, Ruyi JI, Libo ZHANG, Chen ZHAO. End-to-end scene text detection and recognition algorithm based on Transformer decoders [J]. Journal on Communications, 2023, 44(5): 64-78.
[3]	Xin SUN, Guifu ZHANG, Hongyan XING, Wang Zenghui. Research on intrusion detection for maritime meteorological sensor network based on balancing generative adversarial network [J]. Journal on Communications, 2023, 44(4): 124-136.
[4]	Qianyi DAI, Bin ZHANG, Song GUO, Kaiyong XU. Blockchain network layer anomaly traffic detection method based on multiple classifier integration [J]. Journal on Communications, 2023, 44(3): 66-80.
[5]	Bingpeng ZHOU, Shanshan MA. Simultaneous vehicular location and velocity detection towards 6G integrated communication and sensing [J]. Journal on Communications, 2023, 44(3): 81-92.
[6]	Helin SUN, Hongyuan GAO, Yanan DU, Jianhua CHENG, Yapeng LIU. Joint estimation method of target number and orientation parameters for FDA-MIMO radar [J]. Journal on Communications, 2023, 44(2): 41-51.
[7]	Weigang HUO, Rui LIANG, Yonghua LI. Anomaly detection model for multivariate time series based on stochastic Transformer [J]. Journal on Communications, 2023, 44(2): 94-103.
[8]	Guojun LI, Cuiling XIANG, Changrong YE, Zunli WANG. Fast link-establishment method of integrated of communication and detection based on short-wave digital channelization [J]. Journal on Communications, 2023, 44(1): 89-102.
[9]	Hongyu YANG, Haiyun YANG, Liang ZHANG, Xiang CHENG. Feature dependence graph based source code loophole detection method [J]. Journal on Communications, 2023, 44(1): 103-117.
[10]	Yanhua LIU, Jiaqi LI, Zhengui OU, Xiaoling GAO, Ximeng LIU, Weizhi MENG, Baoxu LIU. Adversarial training driven malicious code detection enhancement method [J]. Journal on Communications, 2022, 43(9): 169-180.
[11]	Chengsheng YUAN, Qiang GUO, Zhangjie FU. Copyright protection algorithm based on differential privacy deep fake fingerprint detection model [J]. Journal on Communications, 2022, 43(9): 181-193.
[12]	Rui JIANG, Jun LI, Youyun XU, Xiaoming WANG, Dapeng LI. Fault tolerant GPS-AOA-SINS integrated navigation algorithm based on federated Kalman filter [J]. Journal on Communications, 2022, 43(8): 78-89.
[13]	Weiyu CHEN, Junshan LUO, Fanggang WANG, Haiyang DING, Shilian WANG, Guojiang XIA. Survey of capacity limits and implementation techniques in wireless covert communication [J]. Journal on Communications, 2022, 43(8): 203-218.
[14]	Jianxin LIAO, Xiaoyuan FU, Qi QI, Jingyu WANG, Haifeng SUN. 6G-ADM: knowledge based 6G network management and control architecture [J]. Journal on Communications, 2022, 43(6): 3-15.
[15]	Zhengyu ZHU, Yu LIN, Zixuan WANG, Kexian GONG, Pengfei CHEN, Zhongyong WANG, Jing LIANG. Fast blind detection of short-wave frequency hopping signal based on MeanShift [J]. Journal on Communications, 2022, 43(6): 200-210.