Accurately Identifying New QoS Violation Driven By High-Distributed Low-Rate Denial Of Service Attacks Based On Multiple Observed Features

Abstract

We propose using multiple observed features of network traffic to identify new high-distributed low-rate quality of service (QoS) violations so that detection accuracy may be further improved. For the multiple observed features, we choose the F feature in the TCP packet header as a microscopic feature, and the P feature and D feature of network traffic as macroscopic features. Based on these features, we establish a multistream fused hidden Markov model (MF-HMM) to detect stealthy low-rate denial of service (LDoS) attacks hidden in legitimate network background traffic. In addition, the threshold value is dynamically adjusted using the Kaufman algorithm. Our experiments show that the additive effect of combining multiple features effectively reduces the false-positive rate. The average detection rate of MF-HMM shows a significant 23.39% and 44.64% improvement over the typical power spectrum density (PSD) algorithm and the nonparametric cumulative sum (CUSUM) algorithm.

Publication Date

1-1-2015

Publication Title

Journal of Sensors

Volume

2015

Document Type

Article

Personal Identifier

scopus

DOI Link

https://doi.org/10.1155/2015/465402

Scopus ID

84939825883 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84939825883

This document is currently not available here.
