Low-Rate DoS Attacks Detection Based on MAF-ADM
Low-rate denial of service (LDoS) attacks reduce the quality of network service by sending periodical packet bursts to the bottleneck routers. It is difficult to detect by counter-DoS mechanisms due to its stealthy and low average attack traffic behavior. In this paper, we propose an anomaly detecti...
Main authors: | Zhan, Sijia; Tang, Dan; Man, Jianping; Dai, Rui; Wang, Xiyin |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | MDPI 2019 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6982801/ https://www.ncbi.nlm.nih.gov/pubmed/31905728 http://dx.doi.org/10.3390/s20010189 |
_version_ | 1783491372516376576 |
---|---|
author | Zhan, Sijia Tang, Dan Man, Jianping Dai, Rui Wang, Xiyin |
author_facet | Zhan, Sijia Tang, Dan Man, Jianping Dai, Rui Wang, Xiyin |
author_sort | Zhan, Sijia |
collection | PubMed |
description | Low-rate denial of service (LDoS) attacks reduce the quality of network service by sending periodical packet bursts to the bottleneck routers. It is difficult to detect by counter-DoS mechanisms due to its stealthy and low average attack traffic behavior. In this paper, we propose an anomaly detection method based on adaptive fusion of multiple features (MAF-ADM) for LDoS attacks. This study is based on the fact that the time-frequency joint distribution of the legitimate transmission control protocol (TCP) traffic would be changed under LDoS attacks. Several statistical metrics of the time-frequency joint distribution are chosen to generate isolation trees, which can simultaneously reflect the anomalies in time domain and frequency domain. Then we calculate anomaly score by fusing the results of all isolation trees according to their ability to isolate samples containing LDoS attacks. Finally, the anomaly score is smoothed by weighted moving average algorithm to avoid errors caused by noise in the network. Experimental results of Network Simulator 2 (NS2), testbed, and public datasets (WIDE2018 and LBNL) demonstrate that this method does detect LDoS attacks effectively with lower false negative rate. |
format | Online Article Text |
id | pubmed-6982801 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2019 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-69828012020-02-06 Low-Rate DoS Attacks Detection Based on MAF-ADM Zhan, Sijia Tang, Dan Man, Jianping Dai, Rui Wang, Xiyin Sensors (Basel) Article Low-rate denial of service (LDoS) attacks reduce the quality of network service by sending periodical packet bursts to the bottleneck routers. It is difficult to detect by counter-DoS mechanisms due to its stealthy and low average attack traffic behavior. In this paper, we propose an anomaly detection method based on adaptive fusion of multiple features (MAF-ADM) for LDoS attacks. This study is based on the fact that the time-frequency joint distribution of the legitimate transmission control protocol (TCP) traffic would be changed under LDoS attacks. Several statistical metrics of the time-frequency joint distribution are chosen to generate isolation trees, which can simultaneously reflect the anomalies in time domain and frequency domain. Then we calculate anomaly score by fusing the results of all isolation trees according to their ability to isolate samples containing LDoS attacks. Finally, the anomaly score is smoothed by weighted moving average algorithm to avoid errors caused by noise in the network. Experimental results of Network Simulator 2 (NS2), testbed, and public datasets (WIDE2018 and LBNL) demonstrate that this method does detect LDoS attacks effectively with lower false negative rate. MDPI 2019-12-29 /pmc/articles/PMC6982801/ /pubmed/31905728 http://dx.doi.org/10.3390/s20010189 Text en © 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Zhan, Sijia Tang, Dan Man, Jianping Dai, Rui Wang, Xiyin Low-Rate DoS Attacks Detection Based on MAF-ADM |
title | Low-Rate DoS Attacks Detection Based on MAF-ADM |
title_full | Low-Rate DoS Attacks Detection Based on MAF-ADM |
title_fullStr | Low-Rate DoS Attacks Detection Based on MAF-ADM |
title_full_unstemmed | Low-Rate DoS Attacks Detection Based on MAF-ADM |
title_short | Low-Rate DoS Attacks Detection Based on MAF-ADM |
title_sort | low-rate dos attacks detection based on maf-adm |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6982801/ https://www.ncbi.nlm.nih.gov/pubmed/31905728 http://dx.doi.org/10.3390/s20010189 |
work_keys_str_mv | AT zhansijia lowratedosattacksdetectionbasedonmafadm AT tangdan lowratedosattacksdetectionbasedonmafadm AT manjianping lowratedosattacksdetectionbasedonmafadm AT dairui lowratedosattacksdetectionbasedonmafadm AT wangxiyin lowratedosattacksdetectionbasedonmafadm |