基于简单统计特征的LDoS攻击检测方法

段雪源; 付钰; 王坤; 李彬

doi:10.11959/j.issn.1000-436x.2022216

您当前的位置：

首页 >

文章列表页 >

基于简单统计特征的LDoS攻击检测方法

学术论文 | 更新时间：2024-06-05

- 基于简单统计特征的LDoS攻击检测方法
- LDoS attack detection method based on simple statistical features
- 通信学报 2022年43卷第11期页码：53-64
- 作者机构：
  
  1. 海军工程大学信息安全系，湖北武汉 430033
  2. 信阳师范学院计算机与信息技术学院，河南信阳 464000
  3. 信阳师范学院河南省教育大数据分析与应用重点实验室，河南信阳 464000
  4. 信阳职业技术学院数学与信息工程学院，河南信阳 464000
- 作者简介：
  
  [ "段雪源（1981− ），男，河南开封人，海军工程大学博士生，主要研究方向为人工智能、信息处理、网络安全" ]
  [ "付钰（1982− ），女，湖北武汉人，博士，海军工程大学教授、博士生导师，主要研究方向为信息安全、人工智能" ]
  [ "王坤（1981− ），女，河南信阳人，海军工程大学博士生，主要研究方向为信息安全" ]
  [ "李彬（1998− ），男，湖南娄底人，海军工程大学硕士生，主要研究方向为信息安全、人工智能" ]
- 基金信息：
  
  国家重点研发计划基金资助项目(2018YFB0804104)
- DOI：10.11959/j.issn.1000-436x.2022216
  中图分类号： TP391
- 网络出版日期：2022-11，
  
  纸质出版日期：2022-11-25
- 稿件说明：
移动端阅览
段雪源, 付钰, 王坤, 等. 基于简单统计特征的LDoS攻击检测方法[J]. 通信学报, 2022,43(11):53-64.

Xueyuan DUAN, Yu FU, Kun WANG, et al. LDoS attack detection method based on simple statistical features[J]. Journal on communications, 2022, 43(11): 53-64.
段雪源, 付钰, 王坤, 等. 基于简单统计特征的LDoS攻击检测方法[J]. 通信学报, 2022,43(11):53-64. DOI： 10.11959/j.issn.1000-436x.2022216.

Xueyuan DUAN, Yu FU, Kun WANG, et al. LDoS attack detection method based on simple statistical features[J]. Journal on communications, 2022, 43(11): 53-64. DOI： 10.11959/j.issn.1000-436x.2022216.

摘要

传统的低速率拒绝服务（LDoS）攻击检测方法存在特征提取复杂、计算开销大、实验背景单一和攻击场景过时等问题，难以满足现实网络环境对LDoS攻击检测的需求。通过研究LDoS攻击原理，分析LDoS攻击流量的特征，提出一种基于网络流简单统计特征的LDoS攻击检测方法。根据网络流量数据包的简单统计特征构造检测数据序列，利用深度学习技术学习输入样本的时间关联性特征，并根据重构序列与原输入序列的差异进行LDoS 攻击判定。实验结果表明，所提方法能够有效地检测出流量中的 LDoS 攻击流量，且对异构网络流量具有较强的适应性。

Abstract

Traditional low-rate denial of service (LDoS) attack detection methods were complex in feature extraction

high in computational cost

single in experimental data background settings

and outdated in attack scenarios

so it was difficult to meet the demand for LDoS attack detection in a real network environment.By studying the principle of LDoS attack and analyzing the features of LDoS attack traffic

a detection method of LDoS attack based on simple statistical features of network traffic was proposed.By using the simple statistical features of network traffic packets

the detection data sequence was constructed

the time correlation features of input samples were extracted by deep learning technology

and the LDoS attack judgment was made according to the difference between the reconstructed sequence and the original input sequence.Experimental results show that the proposed method can effectively detect the LDoS attack traffic in traffic and has strong adaptability to heterogeneous network traffic.

关键词

Keywords

references

WU Z J , LI W J , LIU L , et al . Low-rate DoS attacks,detection,defense,and challenges:a survey [J ] . IEEE Access , 2020 , 8 : 43920 - 43943 .

ADI E , BAIG Z , LAM C P , et al . Low-rate denial-of-service attacks against HTTP/2 services [C ] // Proceedings of 2015 5th International Conference on IT Convergence and Security (ICITCS) . Piscataway:IEEE Press , 2015 : 1 - 5 .

李洪成 , 吴晓平 , 姜洪海 . 基于改进聚类分析的网络流量异常检测方法 [J ] . 网络与信息安全学报 , 2015 , 1 ( 1 ): 66 - 71 .

LI H C , WU X P , JIANG H H . Traffic anomaly detection method in networks based on improved clustering algorithm [J ] . Chinese Journal of Network and Information Security , 2015 , 1 ( 1 ): 66 - 71 .

MANIMURUGAN S , ALMUTAIRI S . A user-based video recommendation approach using CAC filtering,PCA with LDOS-CoMoDa [J ] . The Journal of Supercomputing , 2022 , 78 ( 7 ): 9377 - 9391 .

李佳 , 云晓春 , 李书豪 , 等 . 基于混合结构深度神经网络的 HTTP恶意流量检测方法 [J ] . 通信学报 , 2019 , 40 ( 1 ): 24 - 33 .

LI J , YUN X C , LI S H , et al . HTTP malicious traffic detection method based on hybrid structure deep neural network [J ] . Journal on Communications , 2019 , 40 ( 1 ): 24 - 33 .

SHI W , TANG D , ZHAN S J , et al . An approach for detecting LDoS attack based on cloud model [J ] . Frontiers of Computer Science , 2022 , 16 ( 6 ): 1 - 12 .

KUZMANOVIC A , KNIGHTLY E W . Low-rate TCP-targeted denial of service attacks and counter strategies [C ] // Proceedings of IEEE/ACM Transactions on Networking . Piscataway:IEEE Press , 2005 : 683 - 696 .

LIU L , WANG H Y , WU Z J , et al . The detection method of low-rate DoS attack based on multi-feature fusion [J ] . Digital Communications and Networks , 2020 , 6 ( 4 ): 504 - 513 .

SHARAFALDIN I , GHARIB A , LASHKARI A H , et al . Towards a reliable intrusion detection benchmark dataset [J ] . Software Networking , 2017 , 2017 ( 1 ): 177 - 200 .

吴志军 , 张景安 , 岳猛 , 等 . 基于联合特征的LDoS攻击检测方法 [J ] . 通信学报 , 2017 , 38 ( 5 ): 19 - 30 .

WU Z J , ZHANG J G , YUE M , et al . Approach of detecting low-rate DoS attack based on combined features [J ] . Journal on Communications , 2017 , 38 ( 5 ): 19 - 30 .

WU Z J , ZHANG L Y , YUE M . Low-rate DoS attacks detection based on network multifractal [J ] . IEEE Transactions on Dependable and Secure Computing , 2016 , 13 ( 5 ): 559 - 567 .

LIU D L , SHUAI D X . Multifractal characteristic quantities of network traffic models [C ] // Grid and Cooperative Computing . Berlin:Springer , 2004 : 413 - 417 .

ZHANG C W , CAI Z P , CHEN W F , et al . Flow level detection and filtering of low-rate DDoS [J ] . Computer Networks , 2012 , 56 ( 15 ): 3417 - 3431 .

WU Z J , WANG M X , YAN C C , et al . Low-rate DoS attack flows filtering based on frequency spectral analysis [J ] . China Communications , 2017 , 14 ( 6 ): 98 - 112 .

杜臻 , 马立鹏 , 孙国梓 . 一种基于小波分析的网络流量异常检测方法 [J ] . 计算机科学 , 2019 , 46 ( 8 ): 178 - 182 .

DU Z , MA L P , SUN G Z . Network traffic anomaly detection based on wavelet analysis [J ] . Computer Science , 2019 , 46 ( 8 ): 178 - 182 .

AGRAWAL N , TAPASWI S . Low rate cloud DDoS attack defense method based on power spectral density analysis [J ] . Information Processing Letters , 2018 , 138 : 44 - 50 .

BRYNIELSSON J , SHARMA R . Detectability of low-rate HTTP server DoS attacks using spectral analysis [C ] // Proceedings of 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM) . Piscataway:IEEE Press , 2015 : 954 - 961 .

WU X X , TANG D , TANG L , et al . A low-rate DoS attack detection method based on Hilbert spectrum and correlation [C ] // Proceedings of 2018 IEEE SmartWorld,Ubiquitous Intelligence ＆ Computing,Advanced ＆ Trusted Computing,Scalable Computing ＆ Communications,Cloud ＆ Big Data Computing,Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI) . Piscataway:IEEE Press , 2018 : 1358 - 1363 .

SWAMI R , DAVE M , RANGA V . Defending DDoS against software defined networks using entropy [C ] // Proceedings of 2019 4th International Conference on Internet of Things:Smart Innovation and Usages (IoT-SIU) . Piscataway:IEEE Press , 2019 : 1 - 5 .

ZHANG D S , TANG D , TANG L , et al . PCA-SVM-based approach of detecting low-rate DoS attack [C ] // Proceedings of 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems . Piscataway:IEEE Press , 2019 : 1163 - 1170 .

YAN Y D , TANG D , ZHAN S J , et al . Low-rate DoS attack detection based on improved logistic regression [C ] // Proceedings of 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City;IEEE 5th International Conference on Data Science and Systems . Piscataway:IEEE Press , 2019 : 468 - 476 .

PÉREZ-DÍAZ J A , VALDOVINOS I A , CHOO K K R , et al . A flexible SDN-based architecture for identifying and mitigating low-rate DDoS attacks using machine learning [J ] . IEEE Access , 2020 , 8 : 155859 - 155872 .

TANG D , TANG L , DAI R , et al . MF-Adaboost:LDoS attack detection based on multi-features and improved Adaboost [J ] . Future Generation Computer Systems , 2020 , 106 : 347 - 359 .

ILANGO H S , MA M D , SU R . A FeedForward-convolutional neural network to detect low-rate DoS in IoT [J ] . Engineering Applications of Artificial Intelligence , 2022 ,114:105059.

TANG D , TANG L , SHI W , et al . MF-CNN:a new approach for LDoS attack detection based on multi-feature fusion and CNN [J ] . Mobile Networks and Applications , 2021 , 26 ( 4 ): 1705 - 1722 .

AGARWAL A , PRASAD A , RUSTOGI R , et al . Detection and mitigation of fraudulent resource consumption attacks in cloud using deep learning approach [J ] . Journal of Information Security and Applications , 2021 ,56:102672.

XU C Y , SHEN J Z , DU X . Low-rate DoS attack detection method based on hybrid deep neural networks [J ] . Journal of Information Security and Applications , 2021 ,60:102879.

CHEN X H , DENG L W , HUANG F T , et al . DAEMON:unsupervised anomaly detection and interpretation for multivariate time series [C ] // Proceedings of 2021 IEEE 37th International Conference on Data Engineering . Piscataway:IEEE Press , 2021 : 2225 - 2230 .

ANDREAS V , MICHAEL W , SERGE B . Residual networks behave like ensembles of relatively shallow networks [C ] // Advances in Neural Information Processing Systems . Massachusetts:MIT Press , 2016 : 550 - 558 .

浏览量

547

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

SDN下基于深度学习混合模型的DDoS攻击检测与防御

超大规模太赫兹系统深度学习信道估计算法

基于机器学习的加密流量分类研究综述

基于深度学习的SDN异常流量分布式检测方法

基于Ngram-TFIDF的深度恶意代码可视化分类方法