Research On LDoS Attacks Detection Method Based On Coefficient Of Variation And Hellinger Distance

As an improvement of traditional DoS (Denial of Service) attacks, the LDoS(Low-rate Denial of Service) attack is very hazardous and has stronger concealment.Because of the high concealment of LDoS attacks, traditional DoS attacks detectionmethods cannot effectively detect it, and current LDoS attacks detection methods stillhave some shortcomings. Therefore, it has great theoretical value and practicalsignificance to research an attack detection method which can detect LDoS attackseffectively.Through the analysis of the LDoS attack’s principle and characteristics, thedifficulty of detecting the LDoS attacks is pointed out. To emphasize the essentials of theproblems, three typical network scenarios are considered. Through the analysis of thefluctuations of TCP (Transmission Control Protocol) data flow in the three scenarios, it isfound that a significant difference in the dispersion degree of TCP data flow exists whenLDoS attacks occur compared to the case without any attack in the network. Based onthis observation, the difference is measured by using the coefficient of variation instatistics, and furthermore, an LDoS attacks detection method based on the coefficient ofvariation is proposed.According to the deficiencies in the LDoS attacks detection method based on thecoefficient of variation, the Bhattacharyya Coefficient and Hellinger Distance areintroduced to measure the difference in probability distribution of the TCP data flow indifferent network scenarios. Then, an LDoS attacks detection method based on HellingerDistance is proposed. By considering practicality and effectiveness, a detection systemcalled LBDS (LDoS Blend Detection System) is designed by combining the twodetection methods, i.e., the coefficient of variation and Hellinger Distance. Thecorresponding detection rules and detection algorithm have been presented.The effectiveness of LBDS is verified using public datasets and simulation. Theexperimental results show that the proposed LBDS detection system is capable ofdetecting the majority of LDoS attacks. It has a low rate of false positives and false negative rate, and this proves the feasibility and effectiveness of the LBDS detectionsystem for LDoS attacks detection.