| LDoS(Low-Rate Denial of Service) attack exploits the deficiencies in the congestion avoidance mechanism of TCP protocol, and launches high intensity attack flow in short periodic bursts to the victim at a particular time. The system state switches between unstable and stable unceasingly, making the transmission performance of network degraded. The average flow of low-rate denial of service(LDoS) attack occupies a little of the normal traffic,and LDoS attack flows are completely hidden in the normal traffic. It is a challenging task to detect and filter LDoS attack flows.According to the analysis of LDoS attack traffic and normal TCP traffic in time and frequency domain, the periodicty of TCP traffic and LDoS attack traffic are explored. Hence,an approach of LDo S attack traffic filtering based on frequency spectrum analysis is proposed.In this appraoch, the TCP traffic and LDoS attack traffic are transformed from time domain to frequency domain, and the round-trip time(RTT) is estimated by using frequency domain search method. Anaylsis of amplitude spectrums shows that TCP traffic energy is mainly concentrated at the points of n/RTT. Therefore, a comb filter is designed by using infinite impulse response(IIR) filter to filter out the LDoS attack traffic in frequency domain, while most normal TCP traffic energy passes through the points of n/RTT. Simulation results show that the proposed appraoch can effectively filter the LDoS attack traffic while slightly affect the normal TCP traffic. |
PDF Full Text Request