Identifying New High-Distributed Low-Rate Qos Violation Driven By Ldos Based On Multi-Observed Features Mf-Hmm

Keywords

Kaufman algorithm; Multi-stream fused HMM; Network QoS; Power spectrum density PSD

Abstract

To detect new high-distributed low-rate QoS violation driven by LDoS attack and guarantee high network QoS, a novel recognition scheme was proposed with the consideration of multiple network features in both macro and micro aspects. At micro-level feature, the weighted sum of FLAG control bits was used to describe an internal micro-change in TCP package header. Meanwhile, the power spectral density(PSD) feature of I-I-P triple was calculated in order to reflect the inherent periodicity of LDoS Attack; at macro-level feature, R feature was introduced to mark the change in ratio of sent_flow and received_flow. Multi-dimensional observation state sequences can be constituted with these features that further form multi-stream fused hidden Markov model (MF-HMM). MF-HMM was applied to automatically recognize QoS violation. In addition, Kaufman algorithm was used to dynamically adjust and upgrade threshold value. Experiments showed that the approach effectively reduces the false-positive rate and false-negative rate in recognition. Moreover, it has an especially high recognition rate for new high-distributed low-rate QoS violation driven by LDoS even in complexity background network traffic.

Publication Date

1-1-2015

Publication Title

Sichuan Daxue Xuebao (Gongcheng Kexue Ban)/Journal of Sichuan University (Engineering Science Edition)

Volume

47

Issue

1

Number of Pages

42-48

Document Type

Article

Personal Identifier

scopus

DOI Link

https://doi.org/10.15961/j.jsuese.2015.01.006

Socpus ID

84921458132 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84921458132

This document is currently not available here.

Share

COinS