Detection method of LDoS attack based on ACK serial number step-length

Authors
Wu Z. [1]
Pan Q. [1]
Yue M. [1]
Affiliation
[1] School of Electronic Information & Automation, Civil Aviation University of China, Tianjin
Funding
National Natural Science Foundation of China
Keywords
ACK serial number step-length; Detection; Low-rate denial of service; Permutation entropy;
DOI
10.11959/j.issn.1000-436x.2018126
Abstract
Low-rate denial of service (LDoS) attacks are a potential security threat to big data centers and cloud computing platforms because they are highly concealed. Based on an analysis of network traffic during an LDoS attack, the ACK packets returned by the data receiver to the sender were analyzed statistically, and the results reveal that the sequence number step fluctuates during an LDoS attack. The permutation entropy method was adopted to extract this fluctuation characteristic, and an LDoS attack detection method based on the permutation entropy of the ACK serial number step was proposed. ACK packets received at the sender are collected, the serial number is sampled, and the step length is calculated. The permutation entropy algorithm, which is highly time-sensitive, is then used to detect the moment at which the step changes abruptly, and thereby to detect the LDoS attack. A test-bed was designed and built in a real network environment to verify the performance of the proposed approach. Experimental results show that the proposed approach has better detection performance and achieves a better detection effect. © 2018, Editorial Board of Journal on Communications. All rights reserved.
Pages: 139-147
Page count: 8