Research On Detection Methods For LDoS Attacks Based On Analysis Of Network Traffic Characteristics

The Low-rate Denial of Service(LDoS)attack is a new type of Denial of Service(Do S)attack,which can significantly reduce and limit network traffic and can easily evade the existing mechanisms of detection and prevention for the Do S attack.This kind of attack does not need to maintain the high-speed attack flows to exhaust the resources of the victim like the traditional Do S attack,it uses the vulnerabilities of self-adaptive mechanisms in the network protocols or the application services to carry on the intelligent attack and sends the attack flows periodically to reduce the service quality of the victim.Therefore,its great destructiveness,small attack cost,and strong concealment make it difficult to detect and defend.The LDoS attack has become a serious threat to network security,so it is of great theoretical value and practical significance to research its detection methods deeply.The network traffic itself has a large number of performance characteristics,which are relatively stable and change little when the network is in a steady state.However,the periodic,short-term,high-pulse LDoS attack will destroy the stability of the network,and accordingly leads to abnormalities in these performance characteristics,causing them to fluctuate greatly and deviate from the normal range.Some existing LDoS attack detection methods have some limitations in the detection effect.In order to get better detection effect,this paper analyzes the fractal characteristics and time-frequency characteristics of different network traffic by acquiring network traffic in different environments,studies the differences between the two characteristics,and proposes two LDoS attack detection methods.According to the statistical fractal characteristics of real network traffic,LDoS attack flow will cause the fractal characteristics of network traffic to be abnormal.And an LDoS attack detection method based on fractal residual is proposed in this paper.The fractal characteristics of network traffic in different environments are firstly analyzed.Due to the bad distinction between the different stages of the LDoS attack based on the fractal characteristics of network traffic,the fractal residual difference between different traffic is further analyzed in this paper.By training the fractal residual values of normal traffic,the anomaly detection model is constructed and the LDoS detection standard is further established to accurately identify the LDoS attack.The method is tested on the NS2 platform and the testbed platform to verify its feasibility and effectiveness.Experimental results show that the method can effectively detect the LDoS attack.According to the abnormal time-frequency characteristics of network traffic caused by the LDoS attack,an LDoS attack detection method based on Frequency Slice Wavelet Transform(FSWT)time-frequency distribution is proposed in this paper.Firstly,the time-frequency distribution between different network traffic is analyzed by FSWT and their performance differences between time-frequency distribution are compared.Secondly,three important features are selected and a detection model is built by training the SVM classification.And the LDoS detection standard is further established to identify the LDoS attack.The experimental results of the NS2 platform and the testbed platform show that this method can effectively detect the LDoS attack with good detection accuracy.The two proposed LDoS attack detection methods have good detection performance,which can better identify the LDoS attack in the network and have a positive meaning for defending network attacks and maintaining network security.