Two-stage detection algorithm for RoQ attack based on localized periodicity analysis of traffic anomaly

Wen, Kun; Yang, Jiahai; Fang, Cheng; Li, Chenxi; Wang, Ziyu; Yin, Huicheng

doi:10.1109/icccn.2014.6911829

Cited by 5 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Wen et al in [39] have combined anomaly detection with misuse detection to detect potential anomalies through the use of wavelet multi-resolution analysis and auto-correlation analysis. The obtained experimental results show that RoQ attacks were detected accurately with both low false positive and low false negative rates.…”

Section: Previous Methods For Detection Of Roq Attacksmentioning

confidence: 99%

“…Advanced DDoS attacks may be classified as low-rate DoS/DDoS (also known as LDoS) attacks or as slow DoS/DDoS attacks. Low-rate DoS/DDoS attacks include Reduction of Quality (RoQ) attacks [38][39][40] at the network layer, Shrew attack [41][42][43] and the New-Shrew attack [44] at the transport layer, and LoRDAS attack (Low-Rate DoS attacks against Application Servers) [45,46] at the application layer.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

et al. 2021

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behaviour therefore becoming silently powerful. Among these advanced DDoS attack types, the so-called lowrate DoS attacks aim at keeping a low level of network traffic. In this paper, we study one of these techniques, called Reduction of Quality (RoQ) attack. To investigate the detection of this type of attack, we evaluate and compare the use of four machine learning algorithms: Multi-Layer Perceptron (MLP) neural network with backpropagation, K-Nearest Neighbors (K-NN), Support Vector Machine (SVM) and Multinomial Naive Bayes (MNB). We also propose an approach for detecting this kind of attack based on three methods: Fuzzy Logic (FL), MLP and Euclidean Distance (ED). We evaluate and compare the approach based on FL, MLP and ED to the above machine learning algorithms using both emulated and real traffic traces. We show that among the four Machine Learning algorithms, the best classification results are obtained with MLP, which, for emulated traffic, leads to a F1-score of 98.04% for attack traffic and 99.30% for legitimate traffic, while, for real traffic, it leads to a F1-score of 99.87% for attack traffic and 99.95% for legitimate traffic. Regarding the approach using FL, MLP and EC, for classification of emulated traffic, we obtained a F1-score of 98.80% for attack traffic and 99.60% for legitimate traffic, while, for real traffic, we obtained a F1-score of 100% for attack traffic and 100% for legitimate traffic. However, the better performance of the approach based on FL, MLP and ED is obtained at the cost of larger execution time, since MLP required 0.74 ms and 0.87ms for classification of the emulated and real traffic datasets, respectively, where as the approach using FL, MLP and ED required 11'46" and 46'48" to classify the emulated and real traffic datasets, respectively.

show abstract

Section: Previous Methods For Detection Of Roq Attacksmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Wen et al in [104] created a detection system divided into two stages. the first stage was to analyze suddenly anomalies in the collected traffic data.…”

Section: B Roq Attackmentioning

confidence: 99%

Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A Survey

et al. 2022

View full text Add to dashboard Cite

The potential for being the target of Denial of Service (DoS) attacks is one of the most severe security threats on the Internet. Attackers have been modifying their attack format over the years, damaging specific conditions of operating systems and protocols in an attempt to deny or diminish the quality of the service provided to legitimate users. Nowadays, attacks are stealthier and mimic legitimate user traffic in such a way that detection mechanisms against High-rate DoS attacks are no longer sufficient. This evolving type of attack, known as LDoS (Low-rate Denial of Service) attacks, has the potential to produce more damage than its predecessor due to its stealth nature and the lack of suitable detection and defense methods. This survey summarizes and complements previous studies and surveys related to this specific type of attack. First, we propose a taxonomy of the LDoS attacks, which were divided into three broad categories based on their modus operandi: QoS attacks, Slow rate attacks, and Service queue attacks. Next, we detail numerous detection mechanisms and counter-measures available against eight types of LDoS attacks. More specifically, we describe the methods used to throttle the attack traffic. Finally, we provide a feature comparison table for some existing attack tools. This survey aims at providing an extensive review of the literature for helping researchers and network administrators find up-to-date knowledge on LDoS attacks.

show abstract

“…The online detection method is used to calculate the frequency of receiving RTS/CTS packets, however, off-line monitoring and big data statistic method should be considered with the rapid increase of wireless monitoring data volume. A two-stage DoS detection algorithm was proposed based on time-frequency signal analysis method [4]. In the first stage, network traffic is analysed through wavelet multi-resolution analysis method.…”

Section: Introductionmentioning

confidence: 99%

Novel LDoS attack detection by Spark‐assisted correlation analysis approach in wireless sensor network

Chen

Caixia

et al. 2020

IET Information Security

View full text Add to dashboard Cite

Two-stage detection algorithm for RoQ attack based on localized periodicity analysis of traffic anomaly

Cited by 5 publications

References 10 publications

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A Survey

Novel LDoS attack detection by Spark‐assisted correlation analysis approach in wireless sensor network

Contact Info

Product

Resources

About