Research On LDoS Attack Detection Based On Shared Nearest Neighbor Clustering And Outlier Factor Algorithm

Posted on: 2021-03-14
Degree: Master
Type: Thesis
Country: China
Candidate: K Zheng
GTID: 2518306122974969
Subject: Computer technology
Abstract/Summary:

The rapid development of the Internet brings convenience to people's lives, but it is accompanied by a series of network security problems. Denial-of-service (DoS) attacks are a common network security threat and do great harm. Low-rate denial-of-service (LDoS) attacks are a derivative form of DoS attacks. They are carried out periodically with low traffic volume and are well concealed. Existing LDoS attack detection methods suffer from low detection accuracy and high false-alarm and missed-alarm rates, so this thesis studies LDoS attack detection methods.

The thesis analyzes and compares traffic data from different network environments and finds that TCP and UDP traffic oscillates violently in a network under LDoS attack, while TCP and UDP traffic in a normal network tends to be relatively stable. Discrete features are selected accordingly to reflect these internal changes in network traffic. To apply the selected feature data to detection, the concept of a traffic detection unit is introduced, and several methods are proposed that detect LDoS attacks in the network from the discrete feature data within a detection unit.

First, a detection method based on shared nearest neighbor clustering is proposed. The method takes the selected traffic features as input, uses shared nearest neighbor similarity to measure the similarity between detection-unit samples, and then applies a density clustering algorithm, which gathers test samples with similar features into the same cluster. The output is the resulting partition of the data into clusters, which serves to detect attacks. The method is applied in different network environments.

To analyze the output clusters further, a detection method based on an outlier factor algorithm is proposed. This method assigns each detection-unit sample an outlier factor that measures its degree of abnormality, trains a threshold on the outlier factor, compares the outlier factor of each test sample against that threshold, and outputs whether the test sample is abnormal. Experiments with this method are carried out in different network environments.

Building on the respective advantages and characteristics of the two methods, a collaborative detection method based on shared nearest neighbor clustering and outlier factor analysis is proposed. Experiments on the NS-2 platform and on a test bed verify the feasibility and effectiveness of the detection method. Comparative experimental analysis shows that the collaborative detection method achieves high detection accuracy with low false-alarm and missed-alarm rates.
Keywords/Search Tags:LDoS attacks, Attack detection, Shared nearest neighbor clustering, Outlier factor algorithm, Collaborative detection
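
The following is an added example, not code from the thesis: a simplified sketch of how shared nearest neighbor clustering and a trained outlier-factor threshold can be combined over detection units. The two features per unit, the values of `k` and `min_shared`, the mean-distance outlier factor, the majority rule in `detect` and all sample data are assumptions made for illustration.

```python
import math

def knn_sets(points, k):
    """For every point, the index set of its k nearest neighbours (Euclidean)."""
    result = []
    for i, p in enumerate(points):
        others = sorted((j for j in range(len(points)) if j != i),
                        key=lambda j: math.dist(p, points[j]))
        result.append(set(others[:k]))
    return result

def snn_clusters(points, k=3, min_shared=2):
    """Link i and j when each is in the other's k-NN set and they share at least
    min_shared neighbours; a cluster is a connected component of such links."""
    nbrs = knn_sets(points, k)
    parent = list(range(len(points)))         # union-find forest
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for i in range(len(points)):
        for j in nbrs[i]:
            if i in nbrs[j] and len(nbrs[i] & nbrs[j]) >= min_shared:
                parent[find(i)] = find(j)
    return [find(i) for i in range(len(points))]

def outlier_factor(unit, baseline, k=3):
    """Mean distance from a unit to its k nearest attack-free baseline units."""
    return sum(sorted(math.dist(unit, b) for b in baseline)[:k]) / k

def train_threshold(baseline, k=3):
    """Largest leave-one-out outlier factor among the attack-free units."""
    return max(outlier_factor(b, baseline[:i] + baseline[i + 1:], k)
               for i, b in enumerate(baseline))

def detect(units, baseline, k=3, min_shared=2):
    """Cluster the units, then flag clusters whose members mostly exceed the threshold."""
    labels, limit = snn_clusters(units, k, min_shared), train_threshold(baseline, k)
    flagged = {}
    for lab in set(labels):
        members = [u for u, l in zip(units, labels) if l == lab]
        over = sum(outlier_factor(u, baseline, k) > limit for u in members)
        flagged[lab] = over * 2 > len(members)
    return [flagged[l] for l in labels]

# Constructed features per detection unit: (TCP fluctuation, UDP fluctuation).
BASELINE = [(1.0, 1.1), (1.2, 0.9), (0.9, 1.0), (1.1, 1.2), (1.0, 0.8)]
UNITS = [(1.1, 1.0), (0.9, 1.2), (1.2, 1.1), (1.0, 0.9),      # stable traffic
         (8.0, 7.5), (8.3, 7.9), (7.8, 8.1), (8.1, 7.7)]      # violent oscillation
```

Calling `detect(UNITS, BASELINE)` returns one boolean per detection unit. Clustering first means a single borderline unit cannot flip the verdict for the group it belongs to.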