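Low-rate denial of service (LDoS) attacks are a special variant of DoS attacks that exploit the adaptive mechanisms in the TCP protocol to degrade the quality of connections between clients and servers. Because the attack rate is low and the attack is stealthy, traditional DoS defense mechanisms cannot effectively identify LDoS. This paper proposes an LDoS attack detection method (TF-Stacking) based on time-frequency domain features of TCP traffic and an improved Stacking algorithm. It analyzes the differences that normal traffic and traffic containing LDoS attacks exhibit in the time and frequency domains and constructs a network traffic feature set, used for feature computation on traffic data, in order to extract the most useful information from network traffic data and reduce the scale of the network data. In addition, the Stacking algorithm is improved to mitigate the imbalance in meta-model sample weights, and is used for traffic classification. Experiments were carried out on the NS3 simulation platform to evaluate the performance of the TF-Stacking method; the results show that TF-Stacking reaches a detection accuracy of 98.07% with a false negative rate of only 1.55%, and can effectively detect LDoS attacks.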
A low-rate denial of service attack detection method based on time and frequency domain features of TCP
Low-rate Denial of Service (LDoS) attacks are a special variant of DoS attacks, which can utilize adaptive mechanisms in TCP to reduce the connection quality between clients and servers. Due to the low attack rate and stealthiness, traditional DoS defense mechanisms cannot effectively identify LDoS attacks. This paper proposes an LDoS attack detection method (TF-Stacking) based on the time-frequency domain characteristics of TCP traffic and the improved Stacking algorithm. This model constructs a network traffic feature set by analyzing the differences between normal traffic and traffic containing LDoS attacks in the time domain and frequency domain, which is used for feature calculation of traffic data, extracts the most useful information from network traffic data, and reduces the network data scale. Additionally, the improved Stacking algorithm could alleviate the imbalanced weight problem of meta-model samples for traffic classification. A series of experiments is conducted on the NS3 simulation platform to evaluate the performance of the proposed method. The experimental results show that the detection accuracy of TF-Stacking reaches 98.07%, with only a 1.55% false negative rate, which can effectively detect LDoS attacks.
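As an added illustration (not code from the paper), the sketch below computes one time-domain and one frequency-domain statistic over per-interval TCP throughput series and applies a simple threshold in place of the Stacking classifier. The two features, the threshold, the function names and the sample series are all assumptions made for this example, since the abstract does not list the feature set.

```python
import cmath
import math
import random
import statistics

def coefficient_of_variation(series):
    """Time-domain feature: relative spread of per-interval throughput."""
    mean = statistics.fmean(series)
    return statistics.pstdev(series) / mean if mean else 0.0

def spectral_peak(series):
    """Frequency-domain feature: (share of non-DC power in strongest bin, its period in samples)."""
    n = len(series)
    mean = statistics.fmean(series)
    powers = []
    for k in range(1, n // 2 + 1):  # plain DFT, skipping the DC bin
        coeff = sum((x - mean) * cmath.exp(-2j * math.pi * k * t / n)
                    for t, x in enumerate(series))
        powers.append(abs(coeff) ** 2)
    total = sum(powers)
    if total == 0:
        return 0.0, None
    best = max(range(len(powers)), key=powers.__getitem__)
    return powers[best] / total, n / (best + 1)

def extract_features(series):
    share, period = spectral_peak(series)
    return {"cv": coefficient_of_variation(series), "peak_share": share, "period": period}

def looks_periodic(features, share_threshold=0.2):
    """Assumed threshold rule; a trained classifier would replace this."""
    return features["peak_share"] > share_threshold

def constructed_series(n=200, dip_every=None, seed=7):
    """Constructed sample data: noisy steady throughput, optionally with periodic collapses."""
    rng = random.Random(seed)
    out = []
    for t in range(n):
        value = 100.0 + rng.gauss(0, 5)
        if dip_every and t % dip_every < 4:
            value *= 0.3  # connection quality drops for a few intervals
        out.append(value)
    return out

if __name__ == "__main__":
    for label, series in (("normal", constructed_series()),
                          ("degraded", constructed_series(dip_every=20))):
        feats = extract_features(series)
        print(label, feats, "flagged" if looks_periodic(feats) else "clear")
```

Reducing each window of traffic to a handful of such statistics is what shrinks the data handed to the classifier; in practice the features would be computed over sliding windows of captured TCP traffic rather than a constructed series.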