Detection of LDoS Attacks Based on Wavelet Energy Entropy and Hidden Semi-Markov Models
CLC Number: TP309

Fund Project:

Joint Foundation of National Natural Science Foundation of China and Civil Aviation Administration of China (U1933108); Scientific Research Project of Tianjin Municipal Education Commission (2019KJ117)

    Abstract:

    A low-rate denial of service (LDoS) attack periodically sends short bursts of packets, causing packet loss for legitimate users and reducing the transmission performance of the transport system. Because LDoS attack flows mix with legitimate traffic, they are hard to detect. This study designs an LDoS attack classifier based on a network model that uses a hidden semi-Markov model (HSMM), and deploys a decision indicator to detect LDoS attacks. In this method, the wavelet transform is used to compute the wavelet energy spectrum entropy of the network traffic, which serves as the input to the HSMM. The proposed detection method was evaluated in NS-2 and on a test-bed, and the experimental results show that it achieves better performance, with a detection rate of 96.81%.
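
The feature named in the abstract, as an added illustration that is not the authors' code: wavelet energy entropy computed per sliding window over a packet-count series, giving the kind of observation sequence a downstream HSMM would consume. The Haar basis, four decomposition levels, window sizes, the helper names and the traffic are assumptions made here; the paper's own basis, parameters and HSMM stage are not given on this page and are not reproduced.

```python
import math
import random

def haar_details(signal, levels):
    """Detail coefficients per scale of an orthonormal Haar DWT (assumed basis)."""
    if len(signal) % (1 << levels):
        raise ValueError("window length must be a multiple of 2**levels")
    approx, details, s = list(signal), [], math.sqrt(2.0)
    for _ in range(levels):
        pairs = list(zip(approx[0::2], approx[1::2]))
        details.append([(a - b) / s for a, b in pairs])   # high-pass half
        approx = [(a + b) / s for a, b in pairs]          # low-pass half
    return details

def wavelet_energy_entropy(signal, levels=4):
    """Shannon entropy (nats) of the relative detail energy across scales."""
    energies = [sum(c * c for c in d) for d in haar_details(signal, levels)]
    total = sum(energies)
    if total == 0:            # flat window: no energy at any scale
        return 0.0
    return -sum((e / total) * math.log(e / total) for e in energies if e > 0)

def entropy_sequence(series, window=64, step=32, levels=4):
    """One entropy value per sliding window: the feature sequence."""
    return [wavelet_energy_entropy(series[i:i + window], levels)
            for i in range(0, len(series) - window + 1, step)]

def pulse_train(n, period=16, width=4, amplitude=40.0):
    """Constructed periodic short bursts (packets per sampling interval)."""
    return [amplitude if i % period < width else 0.0 for i in range(n)]

def constructed_traffic(n, attack, seed=7):
    """Constructed sample: steady load plus Gaussian jitter, optional bursts."""
    rng = random.Random(seed)
    bursts = pulse_train(n) if attack else [0.0] * n
    return [50.0 + rng.gauss(0.0, 2.0) + b for b in bursts]

if __name__ == "__main__":
    for label, attack in (("background", False), ("with bursts", True)):
        seq = entropy_sequence(constructed_traffic(256, attack))
        print(label, [round(h, 3) for h in seq])
```

In this constructed data the periodic bursts concentrate detail energy in two scales, so the windowed entropy sits clearly below that of jitter-only traffic; real traffic will need its own baseline.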

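Citation:

Wu ZJ, Li HJ, Liu L, Zhang JA, Yue M, Lei J. Detection of LDoS attacks based on wavelet energy entropy and hidden semi-Markov models. Ruan Jian Xue Bao/Journal of Software, 2020,31(5):1549-1562 (in Chinese).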

History
  • Received: January 26, 2018
  • Revised: May 17, 2018
  • Online: May 18, 2020
  • Published: May 06, 2020
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn