2017
DOI: 10.1155/2017/3691629

Low-Rate DDoS Attack Detection Using Expectation of Packet Size

Abstract: Low-rate Distributed Denial-of-Service (low-rate DDoS) attacks are a new challenge to cyberspace, as the attackers send a large amount of attack packets similar to normal traffic, to throttle legitimate flows. In this paper, we propose a measurement (expectation of packet size) that is based on the distribution difference of the packet size to distinguish two typical low-rate DDoS attacks, the constant attack and the pulsing attack, from legitimate traffic. The experimental results, obtained using a series of re…

Cited by 57 publications (43 citation statements)
References 19 publications
“…Zhou et al [99] proposed an Expectation of Packet Size (EPS)-based method to distinguish LDDoS attacks from legitimate traffic. They classified packets that share the same destination address into flows and calculated EPS value of each flow at different time.…”
Section: Detection Methods Against Low-rate DDoS Flooding Attacks; citation type: mentioning
confidence: 99%
“…Another way is to find the similar characteristics (such as packet size, packet rate, etc.) of packets generated by the same botnet to detect LDDoS flooding attacks [94,95,99]. Also, utilizing the distinct behaviors of LDDoS flooding attacks is an effective detection method [100,101].…”
Section: Detection Methods Against Low-rate DDoS Flooding Attacks; citation type: mentioning
confidence: 99%
“…The reaction module component, based on its rule engine, makes a decision to take a proper countermeasure to mitigate the attack, step (7). It might imply adding, for instance, new filtering rules to drop, or divert the traffic coming from a particular infected bot IoT device that is performing a low-rate DDoS attack.…”
Section: Traffic Filtering Process Design; citation type: mentioning
confidence: 99%
“…Low-Power Wide-Area Network (LPWAN) protocols employed in IoT scenarios, such as NB-IoT [5] defined in 3GPP 13 release [6], are not ideal environments to perpetrate DDoS based on high-rate brute force attacks, due to their associated low bit rate (60kpps uplink). Nonetheless, variants of DDoS attacks, based on low-rate methods [7], fit perfectly in these environments, since they exploit techniques such as sending partial HTTP requests, sending small packets, or keeping sessions open from going to idle time-out.…”
Section: Introduction; citation type: mentioning
confidence: 99%
“…In low-rate DDoS ambush acknowledgment, for example, an ordinary imprint used in the imprint based estimation is the impacted (beat) period. The burst time period is commonly used by low-rate DDoS aggressors to examine the homogeneity of the base retransmission break (RTO), and a comprehensively applied estimation of the burst time span is 1 second in such disclosure estimations [9]. Regardless, a continuous report displayed that this value isn't right, as it doesn't consider the framework condition, for example, traffic blockage, especially when an ambush is advancing [10].…”
Section: Introduction; citation type: mentioning
confidence: 99%