Research On A Cooperative Detection Method For Low-rate Denial Of Service Attacks

Today's world is highly dependent on the internet,although enjoy it's services,but also suffer the vulnerabilities.Denial of Service(DoS)attacks are typical examples of causes compromised networks.Low-rate denial of service attack(LDoS)is a special DoS attack.Its attack effect is similar to that of a traditional DoS attack,but its concealment is better.The existing detection methods of LDoS attacks generally have the defects of high detection cost and high false alarm rate.Therefore,the detection method of LDoS attacks still needs further research in order to obtain a more efficient detection method.This article defines three different network environments based on actual networks.There are significant differences in the distribution and fluctuation of TCP traffic in the three network environments.In this paper,based on the phenomenon that the distribution of TCP traffic tends to be dispersed on large time scales in the network environment where LDoS attacks occur,and the TCP traffic tends to concentrate in the other two network environments,a two-step clustering algorithm is used to detect LDoS attacks and LDoS will occur.The attack traffic is separated from the network traffic.By analyzing the fluctuation patterns of TCP traffic on small time scales in the three network environments,it is found that TCP traffic fluctuates on small time scales in the network environment where LDoS attacks occur,and the TCP traffic fluctuations in the other two network environments tend to be stable.The concept of data slice is proposed,and whether the data slice is abnormal is judged according to the relevant threshold.An abnormal data slice analysis algorithm is proposed to detect LDoS attacks,and whether the current network traffic contains an LDoS attack is detected according to the proportion of abnormal data pieces in the network to be tested.The feasibility and effectiveness of these two methods are verified through experiments.However,these two methods also have their own usage scenarios and characteristics.The two-step cluster analysis algorithm has fast detection speed but there is a certain false alarm rate.The abnormal data slice analysis algorithm has high detection accuracy,low false alarm rate but slow detection speed.Based on the complementarity of the advantages of the two detection methods,this paper proposes a collaborative detection method to detect LDoS attacks.The two detection methods adopt a serial detection method,which can ensure the high detection accuracy and low false alarm rate.The test results are obtained in a shorter period of time at a lower detection cost.Finally,the feasibility,effectiveness and accuracy of the collaborative detection algorithm based on NS-2 platform and public data set LBNL are verified.The experimental results show that the cooperative detection method can effectively detect LDoS attacks with high detection accuracy,low false alarm rate and fast detection speed.