Deakin University
Browse

Low-Rate DDoS Attack Detection Using Expectation of Packet Size

Download (2.06 MB)
Version 2 2024-06-13, 15:08
Version 1 2022-02-24, 14:41
journal contribution
posted on 2017-01-01, 00:00 authored by Lu Zhou, M Liao, C Yuan, H Zhang
Low-rate Distributed Denial-of-Service (low-rate DDoS) attacks are a new challenge to cyberspace, as the attackers send a large amount of attack packets similar to normal traffic, to throttle legitimate flows. In this paper, we propose a measurement—expectation of packet size—that is based on the distribution difference of the packet size to distinguish two typical low-rate DDoS attacks, the constant attack and the pulsing attack, from legitimate traffic. The experimental results, obtained using a series of real datasets with different times and different tolerance factors, are presented to demonstrate the effectiveness of the proposed measurement. In addition, extensive experiments are performed to show that the proposed measurement can detect the low-rate DDoS attacks not only in the short and long terms but also for low packet rates and high packet rates. Furthermore, the false-negative rates and the adjudication distance can be adjusted based on the detection sensitivity requirements.

History

Journal

Security and Communication Networks

Volume

2017

Article number

3691629

Pagination

1 - 14

Publisher

Wiley

Location

London, Eng.

ISSN

1939-0114

eISSN

1939-0122

Language

English

Publication classification

C1.1 Refereed article in a scholarly journal