Loading…
Detecting LDoS Attacks based on Abnormal Network Traffic
By sending periodically short bursts of traffic to reduce legit transmission control protocol (TCP) traffic, the low-rate denial of service (LDoS) attacks are hard to be detected and may endanger covertly a network for a long period. Traditionally, LDoS detecting methods mainly concentrate on the at...
Saved in:
Published in: | KSII transactions on Internet and information systems 2012, 6(7), , pp.1831-1853 |
---|---|
Main Author: | |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that cite this one |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | By sending periodically short bursts of traffic to reduce legit transmission control protocol (TCP) traffic, the low-rate denial of service (LDoS) attacks are hard to be detected and may endanger covertly a network for a long period. Traditionally, LDoS detecting methods mainly concentrate on the attack stream with feature matching, and only a limited number of attack patterns can be detected off-line with high cost. Recent researches divert focus from the attack stream to the traffic anomalies induced by LDoS attacks, which can detect more kinds of attacks with higher efficiency. However, the limited number of abnormal characteristics and the inadequacy of judgment rules may cause wrong decision in some particular situations. In this paper, we address the problem of detecting LDoS attacks and present a scheme based on the fluctuant features of legit TCP and acknowledgment (ACK) traffic. In the scheme, we define judgment criteria which used to identify LDoS attacks in real time at an optimal detection cost. We evaluate the performance of our strategy in real-world network topologies. Simulations results clearly demonstrate the superiority of the method proposed in detecting LDoS attacks. KCI Citation Count: 4 |
---|---|
ISSN: | 1976-7277 1976-7277 |
DOI: | 10.3837/tiis.2012.07.007 |