基于简单统计特征的LDoS攻击检测方法

doi:10.11959/j.issn.1000-436x.2022216

Abstract

Abstract:

Traditional low-rate denial of service (LDoS) attack detection methods were complex in feature extraction, high in computational cost, single in experimental data background settings, and outdated in attack scenarios, so it was difficult to meet the demand for LDoS attack detection in a real network environment.By studying the principle of LDoS attack and analyzing the features of LDoS attack traffic, a detection method of LDoS attack based on simple statistical features of network traffic was proposed.By using the simple statistical features of network traffic packets, the detection data sequence was constructed, the time correlation features of input samples were extracted by deep learning technology, and the LDoS attack judgment was made according to the difference between the reconstructed sequence and the original input sequence.Experimental results show that the proposed method can effectively detect the LDoS attack traffic in traffic and has strong adaptability to heterogeneous network traffic.

Key words: statistical features, deep learning, low-rate denial of service, attack detection

CLC Number:

TP391

Xueyuan DUAN, Yu FU, Kun WANG, Bin LI. LDoS attack detection method based on simple statistical features[J]. Journal on Communications, 2022, 43(11): 53-64.

Figures/Tables 15

References 29

[1]	WU Z J , LI W J , LIU L ,et al. Low-rate DoS attacks,detection,defense,and challenges:a survey[J]. IEEE Access, 2020,8: 43920-43943.
[2]	ADI E , BAIG Z , LAM C P ,et al. Low-rate denial-of-service attacks against HTTP/2 services[C]// Proceedings of 2015 5th International Conference on IT Convergence and Security (ICITCS). Piscataway:IEEE Press, 2015: 1-5.
[3]	李洪成, 吴晓平, 姜洪海 . 基于改进聚类分析的网络流量异常检测方法[J]. 网络与信息安全学报, 2015,1(1): 66-71.
	LI H C , WU X P , JIANG H H . Traffic anomaly detection method in networks based on improved clustering algorithm[J]. Chinese Journal of Network and Information Security, 2015,1(1): 66-71.
[4]	MANIMURUGAN S , ALMUTAIRI S . A user-based video recommendation approach using CAC filtering,PCA with LDOS-CoMoDa[J]. The Journal of Supercomputing, 2022,78(7): 9377-9391.
[5]	李佳, 云晓春, 李书豪 ,等. 基于混合结构深度神经网络的 HTTP恶意流量检测方法[J]. 通信学报, 2019,40(1): 24-33.
	LI J , YUN X C , LI S H ,et al. HTTP malicious traffic detection method based on hybrid structure deep neural network[J]. Journal on Communications, 2019,40(1): 24-33.
[6]	SHI W , TANG D , ZHAN S J ,et al. An approach for detecting LDoS attack based on cloud model[J]. Frontiers of Computer Science, 2022,16(6): 1-12.
[7]	KUZMANOVIC A , KNIGHTLY E W . Low-rate TCP-targeted denial of service attacks and counter strategies[C]// Proceedings of IEEE/ACM Transactions on Networking. Piscataway:IEEE Press, 2005: 683-696.
[8]	LIU L , WANG H Y , WU Z J ,et al. The detection method of low-rate DoS attack based on multi-feature fusion[J]. Digital Communications and Networks, 2020,6(4): 504-513.
[9]	SHARAFALDIN I , GHARIB A , LASHKARI A H ,et al. Towards a reliable intrusion detection benchmark dataset[J]. Software Networking, 2017,2017(1): 177-200.
[10]	吴志军, 张景安, 岳猛 ,等. 基于联合特征的LDoS攻击检测方法[J]. 通信学报, 2017,38(5): 19-30.
	WU Z J , ZHANG J G , YUE M ,et al. Approach of detecting low-rate DoS attack based on combined features[J]. Journal on Communications, 2017,38(5): 19-30.
[11]	WU Z J , ZHANG L Y , YUE M . Low-rate DoS attacks detection based on network multifractal[J]. IEEE Transactions on Dependable and Secure Computing, 2016,13(5): 559-567.
[12]	LIU D L , SHUAI D X . Multifractal characteristic quantities of network traffic models[C]// Grid and Cooperative Computing. Berlin:Springer, 2004: 413-417.
[13]	ZHANG C W , CAI Z P , CHEN W F ,et al. Flow level detection and filtering of low-rate DDoS[J]. Computer Networks, 2012,56(15): 3417-3431.
[14]	WU Z J , WANG M X , YAN C C ,et al. Low-rate DoS attack flows filtering based on frequency spectral analysis[J]. China Communications, 2017,14(6): 98-112.
[15]	杜臻, 马立鹏, 孙国梓 . 一种基于小波分析的网络流量异常检测方法[J]. 计算机科学, 2019,46(8): 178-182.
	DU Z , MA L P , SUN G Z . Network traffic anomaly detection based on wavelet analysis[J]. Computer Science, 2019,46(8): 178-182.
[16]	AGRAWAL N , TAPASWI S . Low rate cloud DDoS attack defense method based on power spectral density analysis[J]. Information Processing Letters, 2018,138: 44-50.
[17]	BRYNIELSSON J , SHARMA R . Detectability of low-rate HTTP server DoS attacks using spectral analysis[C]// Proceedings of 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). Piscataway:IEEE Press, 2015: 954-961.
[18]	WU X X , TANG D , TANG L ,et al. A low-rate DoS attack detection method based on Hilbert spectrum and correlation[C]// Proceedings of 2018 IEEE SmartWorld,Ubiquitous Intelligence ＆ Computing,Advanced ＆ Trusted Computing,Scalable Computing ＆ Communications,Cloud ＆ Big Data Computing,Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). Piscataway:IEEE Press, 2018: 1358-1363.
[19]	SWAMI R , DAVE M , RANGA V . Defending DDoS against software defined networks using entropy[C]// Proceedings of 2019 4th International Conference on Internet of Things:Smart Innovation and Usages (IoT-SIU). Piscataway:IEEE Press, 2019: 1-5.
[20]	ZHANG D S , TANG D , TANG L ,et al. PCA-SVM-based approach of detecting low-rate DoS attack[C]// Proceedings of 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems. Piscataway:IEEE Press, 2019: 1163-1170.
[21]	YAN Y D , TANG D , ZHAN S J ,et al. Low-rate DoS attack detection based on improved logistic regression[C]// Proceedings of 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City;IEEE 5th International Conference on Data Science and Systems. Piscataway:IEEE Press, 2019: 468-476.
[22]	PéREZ-DíAZ J A , VALDOVINOS I A , CHOO K K R ,et al. A flexible SDN-based architecture for identifying and mitigating low-rate DDoS attacks using machine learning[J]. IEEE Access, 2020,8: 155859-155872.
[23]	TANG D , TANG L , DAI R ,et al. MF-Adaboost:LDoS attack detection based on multi-features and improved Adaboost[J]. Future Generation Computer Systems, 2020,106: 347-359.
[24]	ILANGO H S , MA M D , SU R . A FeedForward-convolutional neural network to detect low-rate DoS in IoT[J]. Engineering Applications of Artificial Intelligence, 2022,114:105059.
[25]	TANG D , TANG L , SHI W ,et al. MF-CNN:a new approach for LDoS attack detection based on multi-feature fusion and CNN[J]. Mobile Networks and Applications, 2021,26(4): 1705-1722.
[26]	AGARWAL A , PRASAD A , RUSTOGI R ,et al. Detection and mitigation of fraudulent resource consumption attacks in cloud using deep learning approach[J]. Journal of Information Security and Applications, 2021,56:102672.
[27]	XU C Y , SHEN J Z , DU X . Low-rate DoS attack detection method based on hybrid deep neural networks[J]. Journal of Information Security and Applications, 2021,60:102879.
[28]	CHEN X H , DENG L W , HUANG F T ,et al. DAEMON:unsupervised anomaly detection and interpretation for multivariate time series[C]// Proceedings of 2021 IEEE 37th International Conference on Data Engineering. Piscataway:IEEE Press, 2021: 2225-2230.
[29]	ANDREAS V , MICHAEL W , SERGE B . Residual networks behave like ensembles of relatively shallow networks[C]// Advances in Neural Information Processing Systems. Massachusetts:MIT Press, 2016: 550-558.

Metrics

Recommended 0

No Suggested Reading articles found!

攻击种类	流量总时长/min	正常流片段数/段	攻击流片段数/段	异常比
Pwnloris	300	1 440	360	0.2
Hping	300	1 440	360	0.2
Torshammer	300	1 440	360	0.2
Slowloris	300	1 440	360	0.2
Httpbog	300	1 440	360	0.2
Slowhttptest	300	1 440	360	0.2
All-United	360	1 440	720	0.33

超参数属性	取值
最大迭代次数/次	80
批大小	16
学习率	0.000 5
停止训练阈值	0.000 1

攻击种类	准确率	召回率	精确率	误警率	F1值
Pwnloris	0.979 4	0.961 1	0.937 7	0.016 0	0.949 2
Hping	0.969 4	0.947 2	0.904 5	0.025 0	0.925 4
Torshammer	0.968 9	0.955 6	0.895 8	0.027 8	0.924 7
Slowloris	0.962 2	0.936 1	0.882 2	0.031 3	0.908 4
Httpbog	0.964 4	0.930 6	0.895 7	0.027 1	0.912 8
Slowhttptest	0.951 7	0.952 8	0.830 5	0.048 6	0.887 5
平均值	0.966 0	0.947 2	0.891 1	0.029 3	0.918 0

攻击种类	检测时间/s	单轮检测时间/s	单样本检测时间/ ms
Pwnloris	5.67	1.134	0.63
Hping	4.72	0.944	0.52
Torshammer	6.32	1.264	0.70
Slowloris	6.67	1.334	0.74
Httpbog	4.98	0.996	0.55
Slowhttptest	3.39	0.678	0.38
All-United	12.58	1.258	0.58

检测方法	实验数据	数据来源	准确率	召回率	精确率	误警率	F1值	消耗时间/ms
联合特征	自采集数据	实际网络环境中搭建的Test-bed实验平台	—	0.966 8	—	0.038 9	—	—
PCA-SVM	自采集数据	NS-2试验平台	0.924 7	0.951 6	—	0.068 8	—	—
SDN-MLP	CICDoS2017	公开数据集	0.950 1	0.945 1	0.954 6	0.005 2	0.949 8	—
MF-Adaboost	自采集数据	NS-2试验平台	—	0.970 6	—	0.003 3	—	—
FF-CNN	CICDoS2017	公开数据集	0.990 0	0.963 0	0.975 0	—	0.969 0	0.003 8
LSTM-GAN	自采集数据	实际网络环境及模拟攻击平台	0.949 9	0.942 8	0.910 3	0.046 6	0.926 2	0.580 0

LDoS attack detection method based on simple statistical features

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 29

Related Articles 15

Metrics

Recommended 0

[1]	Dongyu CHEN, Hua CHEN, Limin FAN, Yifang FU, Jian WANG. Research on test strategy for randomness based on deep learning [J]. Journal on Communications, 2023, 44(6): 23-33.
[2]	Rongpeng LI, Bingyan WANG, Honggang ZHANG, Zhifeng ZHAO. Design of knowledge enhanced semantic communication receiver [J]. Journal on Communications, 2023, 44(6): 70-76.
[3]	Shuai MA, Ke PEI, Huayan QI, Hang LI, Wen CAO, Hongmei WANG, Hailiang XIONG, Shiyin LI. Research on geomagnetic indoor high-precision positioning algorithm based on generative model [J]. Journal on Communications, 2023, 44(6): 211-222.
[4]	Jie YANG, Biao DONG, Xue FU, Yu WANG, Guan GUI. Lightweight decentralized learning-based automatic modulation classification method [J]. Journal on Communications, 2022, 43(7): 134-142.
[5]	Xiuzhang YANG, Guojun PENG, Zichuan LI, Yangqi LYU, Side LIU, Chenguang LI. Research on entity recognition and alignment of APT attack based on Bert and BiLSTM-CRF [J]. Journal on Communications, 2022, 43(6): 58-70.
[6]	Yong LIAO, Shiyi WANG. CSI feedback algorithm based on RM-Net for massive MIMO systems in high-speed mobile environment [J]. Journal on Communications, 2022, 43(5): 166-176.
[7]	Yurong LIAO, Haining WANG, Cunbao LIN, Yang LI, Yuqiang FANG, Shuyan NI. Research progress of deep learning-based object detection of optical remote sensing image [J]. Journal on Communications, 2022, 43(5): 190-203.
[8]	Zenghua ZHAO, Yuefan TONG, Jiayang CUI. Device-independent Wi-Fi fingerprinting indoor localization model based on domain adaptation [J]. Journal on Communications, 2022, 43(4): 143-153.
[9]	Lixia XIE, Xueou LI, Hongyu YANG, Liang ZHANG, Xiang CHENG. Multi-stage detection method for APT attack based on sample feature reinforcement [J]. Journal on Communications, 2022, 43(12): 66-76.
[10]	Yong LIAO, Gang CHENG, Yujie LI. CSI feedback algorithm based on deep unfolding for massive MIMO systems [J]. Journal on Communications, 2022, 43(12): 77-88.
[11]	Junyan HUO, Ruipeng QIU, Yanzhuo MA, Fuzheng YANG. Reference frame list optimization algorithm in video coding by quality enhancement of the nearest picture [J]. Journal on Communications, 2022, 43(11): 136-147.
[12]	Haiyan KANG, Yuanrui JI. Research on federated learning approach based on local differential privacy [J]. Journal on Communications, 2022, 43(10): 94-105.
[13]	Hongxia ZHANG, Qi WANG, Dengyue WANG, Ben WANG. Honeypot contract detection of blockchain based on deep learning [J]. Journal on Communications, 2022, 43(1): 194-202.
[14]	Yan YAN, Yiming CONG, Mahmood Adnan, Quanzheng SHENG. Statistics release and privacy protection method of location big data based on deep learning [J]. Journal on Communications, 2022, 43(1): 203-216.
[15]	Ye ZHU, Yilin YU, Yingchun GUO. HRDA-Net: image multiple manipulation detection and location algorithm in real scene [J]. Journal on Communications, 2022, 43(1): 217-226.