An LDoS Attack Detection Method Based on Queue Distribution

An attack detection and queuing technology, applied in transmission systems, electrical components, etc., that addresses the low average attack rate and difficult detection of LDoS attacks and makes network defense safe and effective.

Active Publication Date: 2021-03-26
CIVIL AVIATION UNIV OF CHINA

AI Technical Summary

Problems solved by technology

The average attack rate is very low (even lower than that of legitimate traffic) and the attack is highly concealed, which makes detection difficult.
However, this approach requires additional storage for the feature table.



Embodiment Construction

[0023] The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0024] The LDoS attack detection method based on queue distribution provided by the invention comprises the following steps carried out in order:

[0025] 1) First analyze the queue behavior under LDoS attack, infer the attack cycle, and establish a two-dimensional queue distribution model based on the analysis results;

[0026] When analyzing the queue behavior under an LDoS attack, the present invention assumes that the window size of the TCP sender is not limited by the receiver's flow control window and that the router buffer size is set to the bandwidth-delay product. The RED queue behavior during the attack is then as shown in Figure 1. The upper part of Figure 1 shows the TCP sender's congestion window over time, the middle part shows the average queue length over time, and the bottom part shows the inst...


Abstract

The invention discloses an LDoS attack detection method based on queue distribution. The method comprises the steps of analyzing the queue behavior under an LDoS attack, deducing the attack period, and establishing a two-dimensional queue distribution model based on the analysis result; calculating the average Euclidean distance from the sampling points to the central point in the two-dimensional queue distribution model; and comparing the average Euclidean distance with a set threshold value dth to identify the LDoS attack. Low-rate denial of service attacks are widespread and difficult to distinguish from normal traffic. In the invention, attack characteristics are extracted through a two-dimensional queue distribution model composed of the instantaneous queue and the average queue, the Euclidean distance from a sample point to the central point in the model is taken as the detection feature, and the detection threshold is dynamically adjusted using the EWMA adaptive threshold algorithm, so that the detection method can adapt to various types of traffic in an actual network and can accurately distinguish LDoS attack traffic from legitimate burst traffic, thereby making network defense safer and more effective.
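A sketch of the detection step summarized above, as an added example that is not taken from the patent: each window of (instantaneous queue, average queue) samples is reduced to its average Euclidean distance from the window's central point and compared with an adaptive dth. The page names the EWMA adaptive threshold without giving its formula, so the rule used here (dth = k times an EWMA of earlier unflagged distances, flag when the distance exceeds dth), the choice of the centroid as the central point, the RED weight, the function names and the queue trace are all assumptions or constructed values.

```python
import math

def red_average(queue, w=0.2, start=40.0):
    """RED-style average queue: EWMA of the instantaneous queue length (w is assumed)."""
    avg, out = start, []
    for q in queue:
        avg = (1 - w) * avg + w * q
        out.append(avg)
    return out

def avg_distance(points):
    """Mean Euclidean distance from each (instantaneous, average) sample to the centroid."""
    cx = sum(x for x, _ in points) / len(points)
    cy = sum(y for _, y in points) / len(points)
    return sum(math.hypot(x - cx, y - cy) for x, y in points) / len(points)

def detect(points, window=20, alpha=0.2, k=3.0):
    """Return (distance, dth, flagged) for each non-overlapping window of samples."""
    baseline, results = None, []
    for i in range(0, len(points) - window + 1, window):
        d = avg_distance(points[i:i + window])
        # Assumed threshold rule: k times the EWMA of earlier unflagged distances.
        dth = k * baseline if baseline is not None else math.inf
        flagged = d > dth
        if not flagged:  # flagged windows must not drag the baseline upwards
            baseline = d if baseline is None else (1 - alpha) * baseline + alpha * d
        results.append((d, dth, flagged))
    return results

# Constructed queue trace in packets: benign jitter around 40, then LDoS periods
# (3 samples with the buffer full at 100, 7 samples nearly drained), then benign again.
BENIGN = [32, 40, 48, 36, 44] * 4    # one 20-sample window
ATTACK = ([100] * 3 + [5] * 7) * 2   # one 20-sample window holding two pulses
TRACE = BENIGN * 4 + ATTACK * 2 + BENIGN * 2
POINTS = list(zip(TRACE, red_average(TRACE)))

if __name__ == "__main__":
    for n, (d, dth, flagged) in enumerate(detect(POINTS)):
        print(f"window {n}: d={d:6.2f} dth={dth:6.2f} {'LDoS' if flagged else 'ok'}")
```

The first benign window after the attack is still perturbed, because the average queue needs several samples to recover; with this constructed trace it stays below dth.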

Description

Technical field

[0001] The invention belongs to the technical field of computer network security, and in particular relates to an LDoS attack detection method based on queue distribution.

Background technique

[0002] The Low-rate Denial of Service (LDoS) attack was first proposed in 2003, and during these 15 years it has developed into many variants, such as reduction of quality (RoQ), fraudulent resource consumption (FRC), slow attack, and stealth DoS. Generally speaking, LDoS attacks have three characteristics:

1. They exploit loopholes in specific protocols or systems in the network to cause significant degradation of services in terms of resource utilization, system stability, or service quality.
2. They are low cost: a single attack source can launch an attack, and its attack traffic is much smaller than that of a flood DoS (FDoS) attack.
3. The average attack rate is very low (even lower than that of legitimate traffic) and the attack is highly concealed, which makes detection difficult.

In ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458
Inventor: 岳猛, 王怀远
Owner: CIVIL AVIATION UNIV OF CHINA