An approach for detecting LDoS attack based on cloud model

Cybersecurity has always been the focus of Internet research. An LDoS attack is an intelligent type of DoS attack, which reduces the quality of network service by periodically sending high-speed but short-pulse attack traffic. The existing LDoS attack detection methods generally have the problems of high FPR and FNR.

To solve the problems, a research team led by Wei SHI published their new research on 02 April 2022 in Frontiers of Computer Science co-published by Higher Education Press and Springer Nature.

The team proposed a cloud model-based LDoS attack detection method using a classifier based on SVM to train and classify the feature parameters. The detection method is verified and tested in the NS2 simulation platform and Test-bed network environment. Compared with the existing research results, the proposed method requires fewer samples, and it has lower FPR and FNR.

In the research, they analyze the abnormal changes in network traffic caused by the LDoS attack and use the cloud model to compare the difference between the normal state of the network and the state of the LDoS attack. In order to more accurately judge whether the network is under LDoS attack, they use the cloud model to obtain the feature parameters in two states, and then use the Support Vector Machine (SVM)-based LDoS attack detection classifier to train and classify the obtained feature parameters, detect whether there is an LDoS attack on the network.

Firstly, the cloud model is used to analyze network traffic. The reverse cloud generation algorithm analyzes the network traffic in the bottleneck link to obtain feature values of the cloud model, and analyzes the changes of the feature values under the LDoS attack, then use the SVM with “small sample” learning ability to establish LDoS attack detection classifier to judge whether the LDoS attack occurs. The experiment are performed in the NS2 and the Test-bed. The experimental data shows that compared with the existing research methods, the proposed method requires fewer sample data and has the characteristics of a high Accuracy, low FNR, and low FPR value.

Future work can focus on finding more suitable public datasets containing the LDoS attack, expanding the experimental platform, and designing a more effective method for accurately detecting the LDoS attack.

###

Research Article, Published: 02 April 2022

Wei SHI, Dan TANG, Sijia ZHAN, Zheng QIN, Xiyin WANG. An approach for detecting LDoS attack based on cloud model. Front. Comput. Sci., 2022, 16(6): 166821, https://doi.org/10.1007/s11704-022-0486-1

About Frontiers of Computer Science (FCS)

FCS was launched in 2007. It is published bimonthly both online and in print by HEP and Springer. Prof. Zhi-Hua Zhou from Nanjing University serves as the Editor-in-Chief. It aims to provide a forum for the publication of peer-reviewed papers to promote rapid communication and exchange between computer scientists. FCS covers all major branches of computer science, including: architecture, software, artificial intelligence, theoretical computer science, networks and communication, information systems, multimedia and graphics, information security, interdisciplinary, etc. The readers may be interested in the special columns "Perspective" and "Excellent Young Scholars Forum".

FCS is indexed by SCI(E), EI, DBLP, Scopus, etc. The latest IF is 2.061. FCS solicits the following article types: Review, Research Article, Letter.