Abstract:In network security, Low-rate Denial of Service (LDoS) attacks can severely degrade the quality of the network service by sending attacking pulses intermittently with a low-rate behavior. It is hard to accurately detect this attack because of its low-rate nature and stealth. By combining the discrete Fourier transform (DFT) and discrete wavelet transform (DWT) with autoencoder-based anomaly detection, we put forward a novel LDoS attack detection method. According to the approximate coefficients (NAC), the normalized amplitude spectrum of network traffic (NAS) and the normalized reconstruction signal according to the approximate coefficients (NAC) have a significant difference between normal and LDoS conditions. The proposed detection method consists of two detection models, one is NAS–AE that takes the normalized amplitude spectrum (NAS) of network traffic as the input of the autoencoder, and the other is the NAC–AE that employs the normalized reconstruction signal as the input of the autoencoder. The reconstruction error of the network signal is represented as the difference between the autoencoder input and output. Network traffic without LDoS attacks can be reconstructed well by the autoencoder trained with normal network traffic, while the network traffic under LDoS conditions will be failed to do so, resulting in an anomaly of the reconstruction error. The reconstruction anomaly indicates that the network is under LDoS conditions. Experiments performed in NS2 and test-bed networking prove that the method put forward by us can detect LDoS attacks accurately.

A novel LDoS attack detection method based on reconstruction anomaly