Low-rate DoS attack detection based on two-step cluster analysis

This article is free to access.

Abstract

Low-rate denial of service (LDoS) attacks reduce the throughput of TCP traffic by periodically sending high-rate, short-duration bursts to the victim. Although many LDoS attack detection methods have been proposed, LDoS attacks are still difficult to detect accurately because of their low rate and good concealment. In this paper, we propose a novel method to detect LDoS attacks based on the fact that TCP traffic under LDoS attacks is more discrete than normal traffic and traffic under DDoS attacks. Two-step cluster analysis is adopted to cluster the network traffic based on the discrete characteristics of TCP traffic, and then the suspected cluster is detected by abnormal pieces analysis. The two-step cluster analysis method is proved to be effective for detecting LDoS attacks based on NS2 simulation. Experiments on the public LBNL and WIDE datasets also show that the method has a low false positive rate.

Tang, D., Dai, R., Tang, L., Zhan, S., & Man, J. (2018). Low-rate DoS attack detection based on two-step cluster analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11149 LNCS, pp. 92–104). Springer Verlag. https://doi.org/10.1007/978-3-030-01950-1_6
