Congyuan Xu,Jizhong Shen,Xin Du

DOI: https://doi.org/10.1016/j.jisa.2021.102879

IF: 4.96

2021-01-01

Journal of Information Security and Applications

Abstract:Low-rate Denial of Service (LDoS) attacks use the low-rate requests to achieve the occupation of the network resources and have strong concealment. The traditional signal analysis based detection methods are challenging to detect LDoS attacks in the fluctuating legitimate traffic. In this paper, an LDoS attack detection method based on hybrid deep neural networks is proposed using one-dimensional convolutional neural network and gated recurrent unit. In order to evaluate the proposed detection method in the real scenarios, we captured real legitimate traffic from a website in the datacenter, and carried out a variety of real LDoS attacks on the mirror of the website in the laboratory environment to obtain real attack traffic. The detection results on the real traffic show that the proposed detection method does not need to extract features manually and can effectively detect LDoS attacks in fluctuating HTTP traffic with an average detection rate of 98.68%, which is more advantageous than MF-DFA or power spectral density based detection methods.

Zhaohui Hu,Qi Chen,Ruizhao Yu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.10.020

2001-01-01

Abstract:This article introduces the implementation of TCP Protocol and the technique of Port Scanning based on the characteristic of TCP Protocol,at the same time,the several implementations of Port Scanning are also described. We also analyze the potential external attacks that can be made because of the weakness of operation system and the ways to avoid suck kinds of attack are also put up.

WEI Wei,DONG Ya-bo,LU Dong-ming,JIN Guang

DOI: https://doi.org/10.3785/j.issn.1008-973x.2008.05.007

2008-01-01

Abstract:Low rate TCP-targeted denial of service(DoS) attack makes use of time-out and retransmission mechanism in transmission control protocol(TCP) and could severely decrease the throughput of legitimate TCP traffic.With its attacking traffic pattern,obvious difference was found between the power spectrum density(PSD) of legitimate and attack traffic samples.The statistical characteristic of this difference in history data was analyzed,and a detection method using the summation of low frequency was proposed.Meanwhile,based on the methods of leak bucket and the increasing of routing buffer,a response method was provided,which uses leak bucket periodically for smoothing the flow and uses buffer for holding extra traffic to send in next period,and its reasonable resource requirement was proved.Simulations show that for more general attack scenarios than the existing methods,the detection method has very low positive and negative false ratio,and the response method can depress attack flows more effectively than the previous methods and maintain the legitimate throughput in a normal level while the previous methods failed.

刘敏,过晓冰,伍卫国,钱德沛

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.07.032

2002-01-01

Abstract:This paper introduces the concept of network scanning, and current methodology of network scanning, presents a detection system for network scanning. It describes also the work flow and the implementation of this system.

Sheng Zhang,QiFei Zhang,Xuezeng Pan,Xuhui Zhu

DOI: https://doi.org/10.1109/ETCS.2010.476

2010-01-01

Abstract:Distributed Denial-of-Service (DDos) attack is one of the high threats to the Internet. This paper proposes a measure based on Hurst coefficient to detect DDoS on Low-rate. The result of experiments shows that the measure can detect the DDoS intrusion hided in the normal data traffic in real time. © 2010 IEEE.

WANG Wei,LU Dongming,DONG Yabo,CHEN Yufeng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.17.072

2006-01-01

Abstract:With the rapid development of computer technology,Internet applications are used more and more widely,computer networks are exposed to various threats,especially network worms.This paper introduces the definition and principle of network worms,and based on the mechanism of network worms,it proposes and implements a network worm detection system for Internal network,which is proved to be able to detect the network worm accurately.

霍宝锋,刘伯莹,岳兵,谢冰

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.08.004

2002-01-01

Abstract:A survey of the common network attacks are presented and five kinds of attacks include Probe,DoS,R2L,U2R and Data attacksare analysed.Some important attacks such as SYN Flooding,DDoS,IP spoofing,Trojan,Buffer_overflow and TCP hijack are researched particularly. Finally, as a countermeasure,the intrusion-detection model based on audit record is proposed in detail. ;;;

濮青

DOI: https://doi.org/10.3969/j.issn.1001-3695.2003.03.023

2003-01-01

Abstract:Denial of Sevice (DoS) attack on the Internet now has become a ordinary network attack method.DoS attack is a malicious action that exhausts victim hosts resources and prevents them from serving any other legal users by exploiting software bugs or system leaks.In this paper,we discuss the theory of DoS attack,analyze some potential leaks in TCP/IP protocol set,and introduce some new progress such as DDos .We also show how to make security plans to defense the DoS attacks by using Firewalls or IDS.

Kun Ding,Lin Liu,Yun Liu

DOI: https://doi.org/10.1007/978-94-007-7262-5_100

2013-01-01

Abstract:Low-rate Denial of Service (LDoS) attack is a new type of Denial of Service attack, which is difficult for the router and victim site to detect because the attack packets are as many as the valid packets. In consideration of the fact that the features in time domain between attack traffic and valid traffic are different, we present a method to identify such kind of attack and try to trace the potential location of the attacker. We also carry out a simulation to illustrate the usability of this method.

CAI Hongmin,WU Naiqi,TENG Shaohua

DOI: https://doi.org/10.3969/j.issn.2095-347x.2007.02.026

2007-01-01

Abstract:This article introduces the theorys and the methods of the detection of port scanning and OS scanning,and put forward a model of detecting port scanning and OS scanning.It can effectively detects many types of attack of scanning,by capturing the network packets and matching the snort rules.In the end,the article introduced the significance and prospect of the model.

LIU Ting-hua,SONG Hua,DAI Yi-qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.09.003

2006-01-01

Abstract:Techniques of the port scan and its detection were introduced briefly.A new self-adaptive distributed detection method of port scan wasdesigned and implemented.By detecting anomalous packets and calculating the class's anomalysum value,it sets adynamic threshold combined with the network traffic,and then judges whether that is a scan.This method could detect slow scans,random scans and distributed scans effectively.And it could detect DDoS(distributed denial of service) attacks as well.

Wu Gang,Xue Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.07.053

2006-01-01

Abstract:We analyze the particular attack methods against the Wireless LAN,and propose the related detection mechanism. With regard to the attacks that be based upon MAC Spoofing,we bring forward a detection technology which uses sequence number filed of 802.11 frame. For other Intrusion methods,the related Intrusion detection mechanism is based on the match of attack characteristic.

QIU Jun-sha,MEI Lin,WANG Kong-lin,HU Guang-min

DOI: https://doi.org/10.3969/j.issn.1001-3695.2011.12.0060

2011-01-01

Abstract:First this paper proposed two detection methods based on either call statistic or traffic signal analysis respectively according to the attack types,then designed a detection system with two stage strategy,which comprised rough detection appl-ying the two methods and precise detection to confirm the attack and find out the source.Simulation shows that the scheme is effective and real-time in detecting typical attacks and can be practically applied,which provides a solution to deal with the new security issue introduced by network convergence.

苏更殊,李之棠

DOI: https://doi.org/10.3969/j.issn.1000-7024.2002.11.002

2002-01-01

Abstract:This article describes the system construction of the DDOS attack model, and deeply analyses the principle of DDOS attack and some real attack tools. In order to improve the network security, this article bases on the process and characteristic of DDOS attack, and provides some models of detecting DDOS attack and some technical method to protect from the DDOS attack.

Weitong CHEN,Yuntao QIAN

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.16.050

2006-01-01

Abstract:This paper presents a network intrusion detection method based on Rough Set theory,and use a hybrid method with genetic algorithm to find a possibly short reduct which can reduce computing time.The result of the experiment shows that this model has high detection rate and low false reject rate in detecting DoS and probe attacks,and performs well in detecting R2L and U2R attacks either.

XU Lin,WANG Yi-jun,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2013.02.027

2013-01-01

Abstract:With the development of the Internet,more attackers utilize and attack the weak points of network,this often results in various damages. As far as the network is concerned,DDoS is always a very dangerous way,while the traditional DDoS attack on the network layer is restrained owing to the technical advances. Nowadays,more DDoS attacks occur on the application layer,and although there exist many detect methods,the application DDoS attack is not radically resolved. This article discusses the discipline and measures of application DDoS attack,summarizes the principal defending methods at present. Finally for the shortcomings of these methods,some improvements are proposed.

刘飞,史晓敏

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.z1.220

2004-01-01

Abstract:With the development of network technology,network security can earlier expose to DoS attack.This paper introduces the principle and usual methods of DoS/DDoS attack, and proposes the design and implementation of Linux-gateway-based DoS/DDoS protection system. The system integrates the anti-scanning and anti-trace, stateful packet inspection, intrusion detection and protection technology. It can resist the usual attack of net scan and DOS/DDOS efficiently.

Nashat, D.,Xiaohong Jiang,Horiguchi, S.

DOI: https://doi.org/10.1109/HSPR.2008.4734440

2008-01-01

Abstract:The TCP SYN flooding attack is the most prevalent type of DDoS attacks that exhaust network resources. The current detection schemes only work well for the detection of high-rate flooding sources. It is notable, however, that in the current DDoS attacks, the flooding rate is usually distributed among many low-rate flooding agents to make the detection more difficult. Therefore, a more sensitive and fast detection scheme is highly desirable for the efficient detection of these low-rate flooding sources. In this paper, we focus on the low-rate agent and propose a router-based detection scheme for it. The proposed scheme is based on the TCP SYN-SYN/ACK protocol pair with the consideration of packet header information (both sequence and Ack. numbers). To make our scheme more sensitive and generally applicable, the counting bloom filter is used to avoid the effect of SYN/ACK retransmission and the change point detection method is applied to avoid the dependence of detection on sites and access patterns. Extensive trace-driven simulation has been conducted to demonstrate the efficiency of the proposed scheme in terms of its detection probability and also average detection time.

Shan Rong-sheng,Li Xiao-yong D.,Li Jian-hua

DOI: https://doi.org/10.1007/s11741-004-0073-8

2004-01-01

Abstract:Detection of port scan is an important component in a network intrusion detection and prevention system. Traditional statistical methods can be easily evaded by stealthy scans and are prone to DoS attacks. This paper presents a new mechanism termed PSD(port scan detection), which is based on TCP packet anomaly evaluation. By learning the port distribution and flags of TCP packets arriving at the protected hosts, PSD can compute the anomaly score of each packet and effectively detect port scans including slow scans and stealthy scans. Experiments show that PSD has high detection accuracy and low detection latency.

Ding Pengfule,Tian Zhihong,Zhang Hongli,Wang Yong,Zhang Liang,Guo Sanchuan

DOI: https://doi.org/10.1109/dsc.2016.108

2016-01-01

Abstract:The extensive use of Internet technology has brought great convenience to modern society, however, more and more severe problems regarding to network security have also emerged at the same time. Especially the DDoS attacks, represented by SYN Flood, pose massive threats to the network security. This paper discusses an algorithm which could detect SYN Flood attack quickly under large scale network: the adaptive threshold algorithm. Then we propose "Slow detection, Fast recovery" mechanism on basis of adaptive threshold algorithm. Finally, we implement the attack detection and defense algorithms in dual-stack firewall, and test the validity and performance respectively. The results indicate that the methods of detecting and defending SYN Flood proposed by this paper can improve the system efficiency substantially when firewall is attacked, while consuming only a small amount of extra memory.