KSII Transactions on Internet and Information Systems
Monthly Online Journal (eISSN: 1976-7277)

Detecting LDoS Attacks based on Abnormal Network Traffic

Vol. 6, No.7, July 25, 2012
DOI: 10.3837/tiis.2012.07.007

Abstract

By periodically sending short bursts of traffic to reduce legitimate transmission control protocol (TCP) traffic, low-rate denial of service (LDoS) attacks are hard to detect and may covertly endanger a network for a long period. Traditional LDoS detection methods mainly concentrate on the attack stream, using feature matching, and can detect only a limited number of attack patterns, off-line and at high cost. Recent research shifts the focus from the attack stream to the traffic anomalies induced by LDoS attacks, an approach that can detect more kinds of attacks with higher efficiency. However, the limited number of abnormal characteristics and the inadequacy of the judgment rules may cause wrong decisions in some particular situations. In this paper, we address the problem of detecting LDoS attacks and present a scheme based on the fluctuating features of legitimate TCP and acknowledgment (ACK) traffic. In the scheme, we define judgment criteria which are used to identify LDoS attacks in real time at an optimal detection cost. We evaluate the performance of our strategy in real-world network topologies. Simulation results clearly demonstrate the superiority of the proposed method in detecting LDoS attacks.



Cite this article

[IEEE Style]
Kai Chen, HuiYu Liu and XiaoSu Chen, "Detecting LDoS Attacks based on Abnormal Network Traffic," KSII Transactions on Internet and Information Systems, vol. 6, no. 7, pp. 1831-1853, 2012. DOI: 10.3837/tiis.2012.07.007

[ACM Style]
Chen, K., Liu, H., and Chen, X. 2012. Detecting LDoS Attacks based on Abnormal Network Traffic. KSII Transactions on Internet and Information Systems, 6, 7, (2012), 1831-1853. DOI: 10.3837/tiis.2012.07.007