TS-SVM: Detect LDoS Attack in SDN Based on Two-step Self-adjusting SVM

Abstract

The Low-Rate Denial of Service (LDoS) attack is a new type of Denial of Service attack. Because of its adequate concealment, it is not easy to detect by conventional detection methods. The detection method using a Support Vector Machine (SVM) is feasible, but it has the defect of insufficient generalization ability; consequently, this paper proposes the LDoS attack detection method based on the Two-step Self-adjusting Support Vector Machine (TS-SVM). For the network traffic data, the Discrete Wavelet Transform is used as the feature extraction tool to decompose and reconstruct the network traffic, and the time-domain features such as the mean value of the traffic subband are selected for detection. Two kinds of SVM approaches of self-adjusting are put forward in this paper: to adjust the increasing degree of data dimension, and the other is to adjust the error tolerance. Next, the Adaptive Particle Swarm Optimization (APSO) algorithm is used to realize the two adjustment approaches, ultimately achieving the goal of ascension generalization ability. The detection model constructed has a higher detection effect. To verify the method's feasibility, experiments are carried out in a Software Defined Network (SDN) created by the Mininet simulator and Ryu controller. By comparing the proposed method with the traditional SVM method, it is shown that the performance of this method is better than that of the method based on the traditional SVM. By comparing with the traditional LDoS detection methods, it is manifested that the detection accuracy of this method is 92.36%-96.65%, which is higher than the traditional detection methods.