A New Collaborative Detection Method for LDoS Attacks

Abstract

The Low-rate Denial of Service (LDoS) attacks reduce network services capabilities by periodically sending high intensity pulse data flows. For the hidden performance of LDoS attacks, it is more difficult for traditional DoS detection methods to detect. At the same time the accuracy of the current detection methods for the LDoS attacks is relatively low. However, when the LDoS attacks occur, the frequency distribution and the fluctuation pattern of the TCP traffic have a special change. As the fact that the LDoS attacks led to the abnormal frequency distribution and the abnormal fluctuation pattern of the TCP traffic, we propose a new collaborative detection method (NCDM) for LDoS attacks. In NCDM, the Distance is used to measure the frequency distribution and the Mean Deviation is used to measure the fluctuation pattern, then judgment criteria are proposed to collaborative detect the LDoS attacks. Base on the NS2 simulator platform and DARPA99 datasets, the experiments show that this method can detect LDoS attacks effectively and has a low false-negative rate and false-positives rate