An Efficient Detection Approach for LDoS Attack based on NCS-SVM Algorithm

Abstract

Low Rate Denial of Service (LDoS) Attack is a sort of DoS attack with analogous effects but is more hidden. The LDoS attack is essentially launched by a malicious attacker who utilizes the loopholes of the TCP/IP congestion control mechanism to aim the purpose of attacking by using the periodic burst co-intensity attack flow and causing repeated congestion on the network. Disadvantages of high false positive rate and high false negative rate still remain in the existing detection methods for LDoS attacks. In this paper, a new method based on NCS-SVM algorithm for LDoS attacks is presented. By judging the similarity between the normal cloud model and the reference, this method determines whether the LDoS attack has occurred. In this detection process, the inverse cloud generator and the normal cloud’s expectation curve are also adopted. For the purpose of improving the accuracy of detection, a Support Vector Machine (SVM) is introduced to classify the similarity of cloud models. Experiments to verify this algorithm used multiple data sets, namely NS2, Testbed, and WIDE2018. And at last, the experimental results and comparison with other methods are given to prove that the NCS-SVM-based LDoS attack detection method is effective.