Title :
The approach of detecting LDoS attack based on correlative parameters
Author :
Wu, Zhijun ; Liu, Limin ; Liu, Xingchen
Author_Institution :
Sch. of Electron. & Inf. Eng., Civil Aviation Univ. of China, Tianjin, China
Abstract :
Low-rate Denial of Service (LDoS) attacks and TCP flows are be modeled in the time and frequency domain for the purpose of analyzing the signatures and extracting LDoS attack´s period T and length L. A simulated LDoS attack signal is constructed based on the extracted parameters of T and L. The correlation between the signal of simulated LDoS attack and the hybrid signal (TCP flow plus LDoS attack) is calculated. To compare the correlation value with a detect threshold, which is determined through experiments. If the correlation value is exceeds the threshold, the LDoS attack is determined. The proposed method has been tested totally 1500 times in NS-2 environment and 200 times in real network environment with different parameters of T and L. Experimental results show that the false negative alarm rate PFN is less than 1.1%, the false positive alarm rate Pτρ are less than 0.8%, and the detect rate PD is more than 98%.
Keywords :
computer crime; computer network security; correlation theory; signal processing; transport protocols; LDoS attack detection; NS-2 environment; TCP flow; correlative parameter; false negative alarm; frequency domain; low-rate denial of service attack; parameter extraction; real network environment; threshold detection; time domain; Analytical models; Computer crime; Correlation; Delay; Detection algorithms; Floods; Frequency domain analysis; Correlation; Denial of Service; Frequency domain; Low-rate TCP attack;
Conference_Titel :
Multimedia Technology (ICMT), 2011 International Conference on
Conference_Location :
Hangzhou
Print_ISBN :
978-1-61284-771-9
DOI :
10.1109/ICMT.2011.6003045
