| With the continuous advancement of computer technology, network application development is exploding rapidly; however, network attacks for various purposes are endless. As a new type of Denial of Service (DoS) attacks, low-rate denial of service (LDoS) attacks have a lower attack rate, a higher attack efficiency, and is more difficult to detect compared with previous denial of service. Therefore, the research and design on a kind of high-performance LDoS attack detection method has important theoretical and practical significance. The kind of high-performance LDoS could detect in real time as well as online, has a higher detection rate and lower false alarm rate.Starting from network congestion control mechanism, the article has discussed the causes of network congestion, the changes of network status in congestion control and the design flaw of congestion control method. According to the change characteristic of TCP flow when the network is attacked by LDoS, the article proposes a LDoS attack detection method based on Shewhart control chart. In addition, the corresponding detection algorithm are presented in this article and its time and space complexity are also be analyzed.In order to verify and evaluate the result of detection based on the method of Shewhart control chart, the NS2 software is used to design a LDoS network simulation environment, whose experimental parameters are determined by some analysis. The results show that LDoS attack detection based on the Shewhart control chart theory can effectively detect the LDoS attack. It has a high detection rate, low false alarm rate and low false negative rates. At the same time, in the process of detecting, lower amount of data needs processed. And the method, which applies to the existing network protocols, can not only be quickly deployed to routers and servers of medium-sized backbone network but also detect LDoS attack in real time on line. |
PDF Full Text Request