Abstract

Low-rate denial of service (LDoS) attacks exploit security vulnerabilities in the adaptive mechanisms of network protocols to launch periodic bursts. These attacks severely degrade the quality of service of TCP applications, so their detection is a concern among scientific communities. However, the existing coarse-scale detection methods yield poor detection performance and adaptability. To achieve accurate detection of LDoS attacks, an adaptive Kohonen Network based fine-grained detection (AKN-FGD) model is proposed. Based on the burst and periodicity characteristics of attack traffic, the Smith-Waterman (SW) algorithm is used to estimate the pulse period, which is taken as the length of the detection unit. Subsequently, cluster analysis is performed for each detection unit using the adaptive Kohonen network (AKN) algorithm, because the discreteness of traffic suffering from LDoS attacks is more pronounced than that of legitimate traffic. Finally, the existence of LDoS attacks is verified using a novel decision metric, denoted as the anomaly degree, which is based on the clustering results. We conducted experiments in traditional networks using NS3, in a test-bed environment, and in a software-defined network (SDN), with accuracies of 99.7%, 99.8%, and 95.6%, respectively, for detecting LDoS bursts. The experimental results show that the AKN-FGD scheme not only enables accurate fine-grained detection, that is, it can detect every attack burst, but also estimates the start and end times of the attacks. Moreover, we compared the AKN-FGD scheme with some other detection methods, and the comparison shows that our proposed approach displays better detection performance.
