Coherent detection of synchronous low-rate DoS attacks

Abstract

Low-rate denial-of-service (LDoS) attacks are characterized by low average rate and periodicity. Under certain conditions, the high concealment of LDoS attacks enables them to transfer the attack stream to the network without being detected at all before the end. In this article, plenty of LDoS attack traffic is spread to the victim end to detect LDoS attacks. Through experimental analysis, it is found that the attack pulses at the victim end have sequence correlation, so the coherence detection technology in spread spectrum communication is proposed to detect LDoS attacks. Therefore, this paper proposes an attack detection method based on coherent detection, which adopts bivariate cyclic convolution algorithm. Similar to the generation of receiving terminal phase dry detection code in spread spectrum communication, we construct a local detection sequence to complete the extraction of LDoS attack stream from the background traffic of the victim terminal, that is, the coherent detection of LDoS attacks. When predicting the features of an LDoS attack, how to construct the parameters of the detection sequence (such as period, pulse duration, amplitude, and so on) is very important. In this paper, we observe the correlation of LDoS attacks and use coherence detection to detect LDoS attacks. By comparing calculated cross-correlation values with designed double threshold rules, the existence of attacks can be determined. The simulation platform and experiments show that this method has high detection performance.