Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A Survey

Rios, Vinícius de Miranda; Inácio, Pedro R. M.; Magoni, Damien; Freire, Mário M.

doi:10.1109/access.2022.3191430

Cited by 24 publications

(9 citation statements)

References 108 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A high-speed network enables fast and effective communication between computers [16] [17] [18] 4 of 25 ernet, 100 Gigabit Ethernet, and InfiniBand [22]. A Cisco Report prernet protocol may cross 4.3 zettabytes in 2023, which is 1879 exabytes ].…”

Section: Architecture Of High-speed Networkmentioning

confidence: 99%

“…In recent years, there have been several reviews in the literature of DoS attacks. For example, the authors of [ 16 ] presented the taxonomy of low-rate DoS attacks based on a three-layer modus operandi. The review included slow rate, service queue, and Quality of Service (QOS) attacks and described the various detection approaches against eight low-rate DoS attacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

High-Speed Network DDoS Attack Detection: A Survey

Haseeb-ur-rehman,

Aman,

Hasan

et al. 2023

Sensors

View full text Add to dashboard Cite

Having a large number of device connections provides attackers with multiple ways to attack a network. This situation can lead to distributed denial-of-service (DDoS) attacks, which can cause fiscal harm and corrupt data. Thus, irregularity detection in traffic data is crucial in detecting malicious behavior in a network, which is essential for network security and the integrity of modern Cyber–Physical Systems (CPS). Nevertheless, studies have shown that current techniques are ineffective at detecting DDoS attacks on networks, especially in the case of high-speed networks (HSN), as detecting attacks on the latter is very complex due to their fast packet processing. This review aims to study and compare different approaches to detecting DDoS attacks, using machine learning (ML) techniques such as k-means, K-Nearest Neighbors (KNN), and Naive Bayes (NB) used in intrusion detection systems (IDSs) and flow-based IDSs, and expresses data paths for packet filtering for HSN performance. This review highlights the high-speed network accuracy evaluation factors, provides a detailed DDoS attack taxonomy, and classifies detection techniques. Moreover, the existing literature is inspected through a qualitative analysis, with respect to the factors extracted from the presented taxonomy of irregular traffic pattern detection. Different research directions are suggested to support researchers in identifying and designing the optimal solution by highlighting the issues and challenges of DDoS attacks on high-speed networks.

show abstract

Section: Architecture Of High-speed Networkmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

High-Speed Network DDoS Attack Detection: A Survey

Haseeb-ur-rehman,

Aman,

Hasan

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Reviews of LDoS attacks exist [43,1,44,3,45], but none relates to resource-constrained ICPS. Similarly, some surveys review security concerns of the cyber-physical systems using ML/DL [46][47][48][49][50][51]; however, they do not cover LDoS or their detection.…”

Section: Literature Reviewmentioning

confidence: 99%

“…(3) LDoS attack utilises TCP/IP protocol's three-way handshake mechanism where control measures look normal; however, this can reduce the quality of service [1,2]. LDoS attack is categorized into Quality of Services (QoS), SRA, and Service-Queue attacks based on the damage to the protocols [3]. SRA slow down application layer protocols by exploiting the methods and characteristics of these protocols' architecture and/or by causing buffer overflow (sharp increase in request-servicing time) [4].…”

Section: Introductionmentioning

confidence: 99%

“…In binary detection, optimised OSELM is trained to categorise the traffic into normal or attack traffic. In multi-class detection, optimised OSELM is trained to classify traffic into normal or different slow-rate attack types: Slowloris, Golden Eye, SlowHTTPTest, and Hulk [3]. The framework also includes the prediction component where the optimised OSELM is used in the evaluation/prediction of the new and unseen incoming traffic.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Light-Weight Slow-Rate Attack Detection Framework for Resource-Constrained Industrial Cyber-Physical Systems

Zahid,

Kuo,

Sinha

2023

Preprint

View full text Add to dashboard Cite

Industrial Cyber-Physical Systems (ICPS) are heterogenous computer systems interacting withphysical processes in an industrial environment. The high degree of distribution and interconnectedness poses significant security threats to ICPS, including Slow−Rate Attacks (SRA ). SRA often exploit system vulnerabilities arising from the inherent limitations of resource-constrained ICPS computers like programmable logic controller (PLC). Existing literature identify several challenges in detecting and classifying SRA in resource-constrained ICPS. In this article, we propose an optimised Online Sequential−Extreme Learning Machine (OSELM)-based, novel light-weight active security framework for SRA detection. We reduce the memory and space footprint of OSELM through optimisation techniques for deployment in resource-constrained ICPS. Also, we introduce a simple stratified k-fold cross training method to improve the binary and multi-class SRA- detection capability of the proposed framework, focusing on performance and accuracy of attack detection. Experimental results demonstrate that our proposed framework can effectively and efficiently detect binary and multi-class SRA with an accuracy of 0.975 and 0.96 with average detection times of 0.03 and 0.04 sec, respectively, using less than 3 MB of memory and 10-12% of CPU usage in PLC-based ICPS.

show abstract