A Low-Rate DoS Attack Detection Method Based on Hilbert Spectrum and Correlation

Wu, Xiaoxue; Tang, Dan; Man, Jianping; Zhan, Sijia; Liu, Qin

doi:10.1109/smartworld.2018.00236

Cited by 10 publications

(5 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors of [23][24][25][26][27][28][29][30][31][32] reported on wormholes in DDoS attacks, which are observed as a disaster for any kind of wireless and wired media. They had reported that this malicious activity can damage any kind of software and slow down the speed of any hardware and software by stealthily installing it while running in another program.…”

Section: Conflicts Of Interestmentioning

confidence: 99%

Implementation of a Clustering-Based LDDoS Detection Method

et al. 2022

View full text Add to dashboard Cite

With the rapid advancement and transformation of technology, information and communication technologies (ICT), in particular, have attracted everyone’s attention. The attackers took advantage of this and can caused serious problems, such as malware attack, ransomware, SQL injection attack, etc. One of the dominant attacks, known as distributed denial-of-service (DDoS), has been observed as the main reason for information hacking. In this paper, we have proposed a secure technique, called the low-rate distributed denial-of-service (LDDoS) technique, to measure attack penetration and secure communication flow. A two-step clustering method was adopted, where the network traffic was controlled by using the characteristics of TCP traffic with discrete sense; then, the suspicious cluster with the abnormal analysis was detected. This method has proven to be reliable and efficient for LDDoS attacks detection, based on the NS-2 simulator, compared to the exponentially weighted moving average (EWMA) technique, which has comparatively very high false-positive rates. Analyzing abnormal test pieces helps us reduce the false positives. The proposed methodology was implemented using Python for scripting and NS-2 simulator for topology, two public trademark datasets, i.e., Web of Information for Development (WIDE) and Lawrence Berkley National Laboratory (LBNL), were selected for experiments. The experiments were analyzed, and the results evaluated using Wireshark. The proposed LDDoS approach achieved good results, compared to the previous techniques.

show abstract

Section: Conflicts Of Interestmentioning

confidence: 99%

Implementation of a Clustering-Based LDDoS Detection Method

et al. 2022

View full text Add to dashboard Cite

show abstract

“…The self-adaptability feature of the detection technique is prone to adapt to undetected attack traffic. On the other hand, Tang et al [36] combined Hilbert Spectrum and Pearson Correlation coefficient to detect LDDoS attack packets in a detection window of 20 s. Despite the benefits of simplicity and quick detection time, time-domain-based detection methods have lower detection rates than the other approaches.…”

Section: Time-domain Based Detectionmentioning

confidence: 99%

On the Detection of Low-Rate Denial of Service Attacks at Transport and Application Layers

et al. 2021

View full text Add to dashboard Cite

Distributed denial of service (DDoS) attacks aim to deplete the network bandwidth and computing resources of targeted victims. Low-rate DDoS attacks exploit protocol features such as the transmission control protocol (TCP) three-way handshake mechanism for connection establishment and the TCP congestion-control induced backoffs to attack at a much lower rate and still effectively bring down the targeted network and computer systems. Most of the statistical and machine/deep learning-based detection methods proposed in the literature require keeping track of packets by flows and have high processing overheads for feature extraction. This paper presents a novel two-stage model that uses Long Short-Term Memory (LSTM) and Random Forest (RF) to detect the presence of attack flows in a group of flows. This model has a very low data processing overhead; it uses only two features and does not require keeping track of packets by flows, making it suitable for continuous monitoring of network traffic and on-the-fly detection. The paper also presents an LSTM Autoencoder to detect individual attack flows with high detection accuracy using only two features. Additionally, the paper presents an analysis of a support vector machine (SVM) model that detects attack flows in slices of network traffic collected for short durations. The low-rate attack dataset used in this study is made available to the research community through GitHub.

show abstract

“…Periodic LDoS attack flows and normal network flows have different frequency domain features. Many detection methods based on frequency domain feature anomalies have been proposed [31][32][33]. For example, Chen et al [18] proposed to combine power spectrum analysis and information entropy to detect and mitigate LDoS attacks.…”

Section: The Anomaly-based Defense Strategymentioning

confidence: 99%

Low-rate DoS attack detection based on two-step cluster analysis and UTR analysis

Tang

Dai

2020

Hum. Cent. Comput. Inf. Sci.

Self Cite

View full text Add to dashboard Cite

Denial of service (DoS) attack [1, 2] is a common attack vector, which generally seeks to exhaust the limited network resources, resulting in the legitimate users' requests not being processed. DoS attacks are becoming more widespread, targeting IoT networks [3, 4], SDN networks [5, 6], cloud computing environments [7, 8] and cyber-physical systems [9]. Aiming to combat DoS attacks, many methods have been proposed, in which a common detection method is based on abnormal statistical characteristics. Another type of DoS attack is the low-rate denial of service (LDoS) attack [10-12] that is hard to be accurately detected due to its low-rate nature. Many LDoS attacks have emerged, such as Shrew attacks [13], LoRDAS attacks [14], slow DoS attacks(e.g. Slow Next, SlowComm) [15, 16], etc. These attacks have the same characteristics, that is, they do not need to maintain sustained high-speed attack traffic to cause damage. Among all these attacks, TCP-targeted LDoS attacks are one of the most common LDoS attacks. To reduce the TCP's throughput, the attacker sends packet bursts

show abstract

A Low-Rate DoS Attack Detection Method Based on Hilbert Spectrum and Correlation

Cited by 10 publications

References 19 publications

Implementation of a Clustering-Based LDDoS Detection Method

Implementation of a Clustering-Based LDDoS Detection Method

On the Detection of Low-Rate Denial of Service Attacks at Transport and Application Layers

Low-rate DoS attack detection based on two-step cluster analysis and UTR analysis

Contact Info

Product

Resources

About