| Low-rate Denial of Service (LDoS) attack is a variant of the Denial of Service (DoS) attack. It reduces the response quality of servers by means of periodic bursts of short duration and high rate. An LDoS attack not only damages the performance of the network transmission system, but also has low attack cost and strong concealment, and is difficult to detect and defend against, so it is a serious threat to network security. Research into and exploration of response methods for it has great theoretical and practical value. Most existing research on LDoS response methods relies on traditional networks. However, the low scalability and flexibility of network forwarding devices make it very difficult to deploy extension modules in traditional networks to achieve online response. As a result, online response methods for LDoS attacks are lacking. This paper uses Software Defined Networking (SDN) to solve this problem. SDN separates control functions from data functions and enhances the scalability of networks. To address the current lack of online response methods for LDoS attacks, a response scheme based on Two Phase Detection (TPD) and Attacker Locating based Mitigation (ALM) is proposed. The proposed method uses the TPD method to detect the attack and the ALM method to filter malicious attack traffic in SDN, achieving online detection and mitigation of LDoS attacks. The TPD method is based on flow table statistics traffic and port traffic, combining two detection functions to continuously monitor for LDoS attacks in the network. If an attack is detected, the ALM method uses the Sequence Matching based Dynamic Series Analyzing (SMDSA) algorithm to locate the attacked port and the attacker, and filters attack packets by issuing the corresponding blocking flow table rule. The SMDSA algorithm is a new algorithm that distinguishes the attacked port from benign ports by calculating the Anomaly Score (AS) of each port's traffic. The experimental results show that the method has 92.19% detection accuracy and takes an average of 7.5444 s to achieve complete mitigation of the attack, indicating that the response method can achieve accurate detection and effective mitigation of LDoS attacks, but that it takes a long time to take effect. To address the low efficiency and long response time of the TPD and ALM based method, a response scheme based on Fine-grained Detection (FGD) and Fast Mitigation (FM) is proposed. The method uses the FGD method to detect LDoS attacks and the FM method to filter malicious attack traffic in SDN, saving time in detecting and mitigating LDoS attacks. The FGD method combines sequence matching and the Adaptive Kohonen Network (AKN) algorithm to detect each attack burst of an LDoS attack in a fine-grained manner, based on analysis of flow table statistics traffic. The AKN algorithm is an improved version of the Kohonen Network (KN). If an attack burst is detected, the FM method uses the Dynamic Time Warping (DTW) algorithm to measure the similarity of each port's incoming traffic to the aggregated traffic in order to locate the attacked port, and filters attack packets by installing a flow table rule on the switch. The experimental results show that the method detects each attack burst with 95.96% accuracy and takes an average of 4.9725 s to achieve complete mitigation of the attack, indicating that the response method can filter attack traffic efficiently and quickly. Both proposed response methods have good detection and mitigation effects, which are of great reference significance for implementing online response mechanisms for LDoS attacks and have important theoretical value in maintaining network security. |
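
The DTW-based port location step of the FM method can be illustrated as follows. This is an added example, not code from the paper. It assumes z-normalised series and that the port with the smallest DTW distance to the aggregated traffic is the one flagged, details the abstract does not give. The function names and per-port byte counts are constructed.

```python
import math

def znorm(series):
    """Scale to zero mean and unit variance so shape, not volume, is compared."""
    mean = sum(series) / len(series)
    std = math.sqrt(sum((x - mean) ** 2 for x in series) / len(series))
    if std == 0:  # flat series carries no shape information
        return [0.0] * len(series)
    return [(x - mean) / std for x in series]

def dtw_distance(a, b):
    """Classic O(len(a) * len(b)) DTW with absolute-difference cost."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)      # row 0 of the cost matrix
    for x in a:
        cur = [inf]                    # column 0 is unreachable after row 0
        for j, y in enumerate(b, start=1):
            cost = abs(x - y)
            cur.append(cost + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]

def locate_port(port_series):
    """Return (port, distances) for the port closest in shape to the aggregate."""
    length = len(next(iter(port_series.values())))
    aggregate = [sum(s[t] for s in port_series.values()) for t in range(length)]
    agg_n = znorm(aggregate)
    distances = {p: dtw_distance(znorm(s), agg_n) for p, s in port_series.items()}
    return min(distances, key=distances.get), distances

# Constructed sample: KB received per sampling interval on three switch ports.
SAMPLE = {
    1: [40, 42, 41, 43, 40, 41, 42, 44, 41, 40, 43, 42],  # steady benign load
    2: [10, 12, 30, 28, 11, 9, 14, 31, 27, 10, 12, 13],   # benign, own rhythm
    3: [2, 900, 3, 2, 2, 880, 2, 3, 2, 910, 2, 2],        # periodic short bursts
}

if __name__ == "__main__":
    port, dist = locate_port(SAMPLE)
    for p, d in sorted(dist.items()):
        print(f"port {p}: DTW distance to aggregate = {d:.3f}")
    print("flagged port:", port)
```

Normalising first matters because the bursty port dominates the aggregate by volume; comparing raw byte counts would measure volume rather than the periodic burst shape.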