The detection method of low-rate DoS attack based on multi-feature fusion

Abstract

As a new type of Denial of Service (DoS) attacks, the Low-rate Denial of Service (LDoS) attacks make the traditional method of detecting Distributed Denial of Service Attack (DDoS) attacks useless due to the characteristics of a low average rate and concealment. With features extracted from the network traffic, a new detection approach based on multi-feature fusion is proposed to solve the problem in this paper. An attack feature set containing the Acknowledge character(ACK) sequence number, the packet size, and the queue length is used to classify normal and LDoS attack traffics. Each feature is digitalized and preprocessed to fit the input of the K-Nearest Neighbor (KNN) classifier separately, and to obtain the decision contour matrix. Then a posteriori probability in the matrix is fused, and the fusion decision index D is used as the basis of detecting the LDoS attacks. Experiments proved that the detection rate of the multi-feature fusion algorithm is higher than those of the single-based detection method and other algorithms.