Low-Rate DoS Attack Detection Using PSD Based Entropy and Machine Learning

Title: Low-Rate DoS Attack Detection Using PSD Based Entropy and Machine Learning
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Zhang, Naiji; Jaafar, Fehmi; Malik, Yasir
Conference Name: 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud) / 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom)
Keywords: communication complexity, complex low-rate DoS attack detection, composability, Computer crime, computer network security, DDoS, decision algorithm, decision theory, detection algorithms, distributed denial of service attack, Entropy, feature extraction, intrusion detection system, LDoS attacks, learning (artificial intelligence), Low-rate DDoS, machine learning, malicious LDoS traffic, power spectral density, Predictive Metrics, PSD, PSD based entropy, pubcrawl, Resiliency, support vector machine based machine learning model, Support vector machines, SVM, TCP congestion-control mechanism, telecommunication traffic, Training
Abstract: The Distributed Denial of Service attack is one of the most common attacks and it is hard to mitigate, however, it has become more difficult while dealing with the Low-rate DoS (LDoS) attacks. The LDoS exploits the vulnerability of TCP congestion-control mechanism by sending malicious traffic at the low constant rate and influence the victim machine. Recently, machine learning approaches are applied to detect the complex DDoS attacks and improve the efficiency and robustness of the intrusion detection system. In this research, the algorithm is designed to balance the detection rate and its efficiency. The detection algorithm combines the Power Spectral Density (PSD) entropy function and Support Vector Machine to detect LDoS traffic from normal traffic. In our solution, the detection rate and efficiency are adjustable based on the parameter in the decision algorithm. To have high efficiency, the detection method will always detect the attacks by calculating PSD-entropy first and compare it with the two adaptive thresholds. The thresholds can efficiently filter nearly 19% of the samples with a high detection rate. To minimize the computational cost and look only for the patterns that are most relevant for detection, Support Vector Machine based machine learning model is applied to learn the traffic pattern and select appropriate features for detection algorithm. The experimental results show that the proposed approach can detect 99.19% of the LDoS attacks and has an O(n log n) time complexity in the best case.
DOI: 10.1109/CSCloud/EdgeCom.2019.00020
Citation Key: zhang_low-rate_2019