Premium
Fast and lightweight detection and filtering method for low‐rate TCP targeted distributed denial of service (LDDoS) attacks
Author(s) -
Şimşek Mehmet,
Şentürk Arafat
Publication year - 2018
Publication title -
international journal of communication systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.3823
Subject(s) - denial of service attack , computer science , metric (unit) , false positive rate , intrusion detection system , real time computing , computer security , artificial intelligence , operations management , the internet , economics , world wide web
Summary Detection and filtering of low‐rate distributed denial of service (LDDoS) attacks is hard since their behavior is similar to legitimate users' behavior. In the literature, there are many filtering approaches and metrics for LDDoS attacks. However, most of the LDDoS detection methods in the literature only monitor congestion state. Actually, precongestion period that the attack has already started has valuable information about the attack. In this study, we proposed a method that uses precongestion period for metric calculation. Also, most of LDDoS filtering approaches have high false‐positive and false‐negative rates and also require long period of time for detection. Additionally, we developed an efficient method for detection and filtering of LDDoS attacks. According to the experimental results, the proposed LDDoS detection method has zero false‐positive and false‐negative rates under the scenarios; attack detection time is significantly reduced with using the proposed metric calculation approach. Also, the proposed method has a simple logic, and it requires simple calculations. This increases the applicability of the developed method.