
Research On LDoS Attacks Detection Method Based On Chi-square Distance And AEWMA

Posted on: 2015-06-16
Degree: Master
Type: Thesis
Country: China
Candidate: B Yan
GTID: 2308330452957207
Subject: Computer technology

Abstract/Summary:
LDoS attack traffic, often mixed in with valid data, is relatively well hidden and difficult to detect. At present, research on LDoS attack detection remains at an early stage. Although a few detection methods can, to some degree, detect certain types of LDoS attacks, they still have many deficiencies. Therefore, exploring a new and effective LDoS attack detection method that is capable of real-time detection is significant, both theoretically and practically, for improving the security of network systems.

This research summarizes the patterns and types of LDoS attacks, points out the difficulty of LDoS attack detection, and analyses the existing typical LDoS attack detection methods.

An analysis of the frequency distribution characteristics of valid TCP flow and other flow on the network shows that there is a large discrepancy in frequency distribution between the two types of flow, whether they are attacked by LDoS or not. So a "distance" metric is introduced and, on this basis, an LDoS attack detection method based on the chi-square distance, together with the corresponding detection algorithm, is put forward, followed by a detailed discussion of the parameters that affect the accuracy of the test results. Finally, the efficiency of this method is verified by simulation experiments.

An analysis of the morphological differences of valid TCP flow in a variety of situations is given, which summarizes the characteristics of the effective distribution of TCP flows under various scenarios. Then, an LDoS attack detection method based on AEWMA is proposed, along with an in-depth discussion of the relevant parameters involved in the criterion. Finally, the efficiency of this method is verified by simulation experiments.

As the analysis of the shortcomings of the two independent methods mentioned above demonstrates that they are highly complementary to each other, a comprehensive LDoS attack detection method that combines them both is established. The simulation experiments show that the new comprehensive detection method, compared with the original two, has a higher detection accuracy rate and a lower non-response rate and false positive rate.
Keywords/Search Tags: LDoS, Attacks Detection, Chi-square Distance, AEWMA