An adaptive KPCA approach for detecting LDoS attack

Zhang, Xiaoyu; Wu, Zhijun; Chen, Jiusheng

doi:10.1002/dac.2993

Cited by 21 publications

(8 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our method has an FPR of 0.0133 and an FNR of 0.0061. The FPR of our method is higher than that of the wavelet feature extraction method [37] and the adaptive v-SVR method [40], but lower than that of the multifractal method [19] and the KPCA method [30]. Although the FPR of our method is not the lowest of these five methods, the FNR of our method is the lowest, which proves that our detection method achieves good performance.…”

Section: Results Analysismentioning

confidence: 68%

“…Zhang et al [30] proposed using wavelet multi-scale analysis and adaptive KPCA to detect LDoS attacks, in which the KPCA method is used as an anomaly detection model. Wu et al [19] proposed a method to detect LDoS attack flows according to the network multifractal, in which LDoS attacks are confirmed according to the D-value.…”

Section: The Anomaly-based Defense Strategymentioning

confidence: 99%

See 1 more Smart Citation

Low-rate DoS attack detection based on two-step cluster analysis and UTR analysis

Tang

Dai

2020

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

Denial of service (DoS) attack [1, 2] is a common attack vector, which generally seeks to exhaust the limited network resources, resulting in the legitimate users' requests not being processed. DoS attacks are becoming more widespread, targeting IoT networks [3, 4], SDN networks [5, 6], cloud computing environments [7, 8] and cyber-physical systems [9]. Aiming to combat DoS attacks, many methods have been proposed, in which a common detection method is based on abnormal statistical characteristics. Another type of DoS attack is the low-rate denial of service (LDoS) attack [10-12] that is hard to be accurately detected due to its low-rate nature. Many LDoS attacks have emerged, such as Shrew attacks [13], LoRDAS attacks [14], slow DoS attacks(e.g. Slow Next, SlowComm) [15, 16], etc. These attacks have the same characteristics, that is, they do not need to maintain sustained high-speed attack traffic to cause damage. Among all these attacks, TCP-targeted LDoS attacks are one of the most common LDoS attacks. To reduce the TCP's throughput, the attacker sends packet bursts

show abstract

Section: Results Analysismentioning

confidence: 68%

Section: The Anomaly-based Defense Strategymentioning

confidence: 99%

Low-rate DoS attack detection based on two-step cluster analysis and UTR analysis

Tang

Dai

2020

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…Several kinds of detection methods, Kalman filtering, wavelet feature extraction, KPCA, and adaptive ν‐SVR are compared, which similarly adopt DWT to analyze signal characteristics. Figure A shows the flow diagram of Kalman filtering–based detection method, which extracts scaling coefficients of sampled data by DWT, calculates the error of 1‐step prediction and optimal estimation, and selects an optimal threshold to detect the LDoS attack.…”

Section: Experiments and Results Analysismentioning

confidence: 99%

“…This approach achieved favorable detection effectiveness, and the DR was obtained by hypothesis test. Zhang et al proposed an adaptive kernel principal component analysis (KPCA) method to defend against LDoS attack. In this method, wavelet multiscale analysis was used to reconstruct low‐ and high‐frequency network traffic groups with continuous samples by a moving window.…”

Section: Introductionmentioning

confidence: 99%

An adaptive network traffic prediction approach for LDoS attacks detection

Zhang

et al. 2017

Int J Communication

Self Cite

View full text Add to dashboard Cite

Low-rate denial of service (LDoS) attacks reduce throughput and degrade quality of service (QoS) of network services by sending out attack packets with relatively low average rate. LDoS attack flows are difficult to detect from normal traffic since it has the property of low average rate. The research on network traffic analysis and modeling shows that network traffic measurement data are irregular nonlinear time series. To characterize and analyze network traffic between attack and non-attack situations, the adaptive normal and abnormal νsupport vector regression (ν-SVR) prediction models are constructed on the basis of the reconstructed phase space. In this paper, the dimension of reconstructed phase space for ν-SVR is optimized by Bayesian information criteria method, and the parameter in the radial basis function is adaptively adjusted by minimizing the within-class distance and maximizing the between-class distance in the feature space. The nonthreshold decision function is obtained through calculating the prediction error of adaptive normal and abnormal ν-SVR prediction models, which is adopted to detect LDoS attacks. Experiments in NS-2 environment show that the adaptive ν-SVR prediction model can effectively predict the network traffic measurement time series, and the probability distribution of time series generated by the adaptive ν-SVR prediction model is quite similar to that of the network traffic measurement data. Experiments also clearly demonstrate the superiority of the proposed approach in LDoS attacks detection.KEYWORDS kernel methods, low-rate denial of service (LDoS), network traffic, nonlinear time series analysis, support vector regression (SVR) of LDoS attacks can be denoted as R × L/T. During LDoS attacking, high intensity pulses are periodically sent to a victim in a specific short interval. The attack duration is short while the time of silence in each period is long, so LDoS attacks attempt to send attack traffic flows at low average rate to elude detection by counter-DoS mechanisms. At present, LDoS detection methods can be divided into frequency domain-based methods and time domain-based methods. 7 In the frequency domain-based methods, He et al 8 proposed a detection system-based wavelet analysis against LDoS attacks, in which the wavelet multiscale analysis was used to extract 5 feature indices of LDoS flows, and back propagation (BP) neural network was used to detect LDoS attacks. Simulation results showed that the detection system-based wavelet analysis can achieve high detection rate (DR) with low computation cost. Wu et al 9 established a spectral energy distribution probability model for detecting LDoS attacks. A probabilistic model was constructed on the basis of LDoS attacks and normal transmission control protocol traffic, and the detection criterion for LDoS attack was calculated by Fourier transform. This approach achieved favorable detection effectiveness, and the DR was obtained by hypothesis test. Zhang et al 10 proposed an adaptive kernel principal component analysi...

show abstract

“…To solve the problems of KPCA mentioned above, many extended methods were developed including fast iterative KPCA (FIKPCA) 14 and adaptive KPCA. 15,16 Adaptive KPCA could flexibly track the characteristics drifting of the process. Moreover, the model should be updated with real-time data, which could affect real-time detection with increasing data.…”

Section: Introductionmentioning

confidence: 99%

Fault detection for turbine engine disk based on an adaptive kernel principal component analysis algorithm

Chen

Zhang

Gao

2016

Proceedings of the Institution of Mechanical Engineers, Part I:

Self Cite

View full text Add to dashboard Cite

For commercial aircraft, real-time fault detection is essential for condition monitoring of rotating engine components, which can improve aviation safety and reduce maintenance cost for airline companies. In this article, based on the adaptive kernel principal component analysis method, a real-time fault detection algorithm is proposed for turbine engine disk condition monitoring. A sample reduction strategy based on the k-nearest neighbors method is presented to speed up the kernel principal component analysis approach while still guaranteeing correct results. To efficiently detect fault, the fault detection model is updated timely to suit the working process of turbine engine disk. Sample clusters are obtained through the k-mean method, and the parameter of the kernel function is adaptively adjusted by minimizing the within-cluster distance and maximizing the between-cluster distance in the feature space. Experiments have demonstrated the superiority of the proposed approach in fault detection for turbine engine disk.

show abstract

An adaptive KPCA approach for detecting LDoS attack

Cited by 21 publications

References 15 publications

Low-rate DoS attack detection based on two-step cluster analysis and UTR analysis

Low-rate DoS attack detection based on two-step cluster analysis and UTR analysis

An adaptive network traffic prediction approach for LDoS attacks detection

Fault detection for turbine engine disk based on an adaptive kernel principal component analysis algorithm

Contact Info

Product

Resources

About