Research On Detection Methods For Low-rate Denial Of Service Attack Based On Network Traffic Features

Low-rate denial-of-service(LDoS)attack is a variant of denial-of-service(DoS)attacks.It exploit the design flaws of the adaptive mechanism in the network protocol to launch attacks,and have better concealment.LDoS attack have the characteristics of periodicity and low average rate,which makes it difficult for traditional DoS attack detection methods to detect LDoS attack.In addition,existing LDoS attack detection methods generally have the disadvantages of low detection accuracy and insufficient adaptability.Therefore,LDoS attack have formed a serious threat to network security,and in-depth research on its detection methods has important theoretical value and practical significance.Network data has a large number of mathematical features,which will be in a relatively stable range when the network is in a steady state.The periodic,s hort-time high pulses sent by the LDoS attack will destroy the stability of the network,resulting in anomalies in the feature space of the network data,and many features deviate from the normal interval.When the network characteristics change,normal ne twork traffic and network traffic containing LDoS attack can be regarded as two types of network traffic,so they can be identified by the classifier.Based on this fact,this paper proposes two LDoS attack detection methods.The first detection method is an LDoS attack detection method based on multi-feature fusion and CNN algorithm.Since the network space is a complex dynamic environment,and there are many kinds of noise,it is difficult to judge whether the network is in an abnormal state due to the ch ange of a single feature.Therefore,this method uses multi-feature fusion,which can more accurately characterize changes in the network state.Firstly,the method extracts the feature data of network traffic through feature calculation and converts the f eature data into feature maps through feature fusion.Secondly,the method constructs a CNN model,which uses network traffic feature maps for training.The model can remember the normal and abnormal state of the network,and thus has the ability to identify LDoS attack.The method was tested on NS2 platform and test-bed platform to verify its feasibility and effectiveness.Experimental results show that this method can effectively detect LDoS attack.The second detection method is an LDoS attack detection method based on network traffic multi-features and improved Adaboost algorithm.LDoS attack have different effects on different network traffic characteristics.Therefore,the method further selects features based on feature calculation.First ly,this method constructs a network traffic feature set based on the analysis of network traffic,which is used for feature calculation and feature selection.Secondly,the method uses the improved Adaboost algorithm to classify network traffic and realize the ide ntification of LDoS attack traffic.The improved Adaboost algorithm solves the problem of sample weight imbalance in traditional algorithm.The experimental results of the NS2 platform and the test-bed platform show that this method can effectively detect LDoS attack,with higher detection accuracy and better stability.The two methods have good detection performance and self-adaptive ability,and can well identify LDoS attack in networks.Therefore,the research achievements of this paper have positive significance for maintaining network security.