
A LDoS Attacks Detection Method Based On Abnormal TCP Data Traffic

Posted on: 2014-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: J J Zhang
GTID: 2268330422463502
Subject: Computer system architecture
Abstract/Summary:
Denial of service (DoS) attacks have had a significant impact on the Internet. As a new kind of DoS attack, low-rate denial of service (LDoS) attacks are more efficient and more concealed than traditional DoS attacks. The detection methods for traditional DoS attacks are difficult to apply to LDoS attacks. Meanwhile, the existing LDoS attack detection methods have a variety of defects. Exploring effective LDoS attack detection methods is therefore urgent and significant.

Based on a description of the principle of LDoS attacks, the relationship between the attack parameters and the attack effect is analyzed. In addition, the effects of LDoS attacks on network traffic are elaborated.

To analyze the characteristics of TCP data traffic when LDoS attacks occur, three typical network scenarios are summarized, on which the forms of abnormal distribution and abnormal change of TCP data traffic are characterized. On the basis of the abnormal distribution of TCP data traffic, a judgment criterion is established in accordance with the Exponentially Weighted Moving Average (EWMA) algorithm. On the basis of the abnormal changes of TCP data traffic, a judgment criterion is established in accordance with the difference of entropy. On the basis of both the abnormal distribution and the abnormal changes of TCP data traffic, an LDoS attack detection method is proposed.

To verify the effectiveness of the LDoS attack detection method, experiments based on simulation and on the DARPA99 (Defense Advanced Research Projects Agency 1999) data set were carried out. The experimental results prove that the LDoS attack detection method achieves high detection efficiency and high detection accuracy, with low false and missed detection rates.
Keywords/Search Tags: Low rate denial of service attack, Attack detection, Attack parameters, Exponentially weighted moving average, Difference of entropy