| Low-rate denial-of-service attack spreads into large network traffic by launching a periodic attack stream.Because of its low average rate per attack traffic,can avoid most commonly used Do S attack detection methods,cloud computing and big data platform constitutes a potential threat.In order to reduce the impact of LDo S attack on network environment,it is necessary to detect traffic mixed with LDo S attack pulse from complex network environment and separate it from normal background traffic.In order to deal with low-rate denial-of-service attacks,this paper proposes two detection methods from the global and local perspectives.First LDo S attack detection method based on Hurst index and GBDT is proposed.This method calculates the piecewise Hurst index of each traffic,constructs the traffic similarity matrix,then classifies and predicts the traffic using the improved GBDT model XGBoost,and distinguishes the normal traffic from the abnormal OD flow with LDo S attack from the perspective of the whole network.Second aiming at the correlation analysis of attack pulse sequences in abnormal traffic,and referring to the sequence alignment technique in bioinformatics,a base is proposed.In the LDo S attack detection method based on sequence alignment,each network traffic is regarded as a time series.By estimating the attack period,attack pulse width,attack rate,the detection sequence is constructed and compared with the target traffic sequence.Thus,the LDo S attack pulse hidden in the huge background traffic is extracted.The detection methods in this paper are verified in Abilene,NS-2 and Test-bed.The experimental results show that the global LDo S attack traffic detection method based on Hurst index and GBDT is good at different attack rates.The LDo S attack detection method based on sequence alignment is also more accurate to extract attack pulses and has better detection performance than other correlation detection algorithms. |
PDF Full Text Request