Abstract

Low-rate denial of service (LDoS) attacks reduce the throughput of TCP traffic by periodically sending high-rate, short-duration bursts to the victim. Although many LDoS attack detection methods have been proposed, LDoS attacks are still difficult to detect accurately because of their low rate and good concealment. In this paper, we propose a novel method to detect LDoS attacks based on the fact that TCP traffic under LDoS attacks is more discrete than normal traffic and traffic under DDoS attacks. Two-step cluster analysis is adopted to cluster the network traffic based on the discrete characteristics of TCP traffic, and the suspected cluster is then examined by abnormal pieces analysis. The two-step cluster analysis method is proved to be effective for detecting LDoS attacks based on NS2 simulation. Experiments on the public LBNL and WIDE datasets also show that the method has a low false-positive rate.
