LDoS attack detection method based on traffic time-frequency characteristics

TL;DR

This paper introduces a real-network LDoS attack detection method utilizing traffic time-frequency features and deep neural networks, achieving high accuracy with low computational overhead suitable for online detection.

Contribution

It proposes a novel detection approach based on traffic time-frequency characteristics and deep learning, avoiding complex algorithms and packet parsing for practical deployment.

Findings

High detection accuracy for complex LDoS attacks

Fast detection in short time frames

No need for packet parsing, adaptable to various networks

Abstract

For the traditional denial-of-service attack detection methods have complex algorithms and high computational overhead, which are difficult to meet the demand of online detection; and the experimental environment is mostly a simulation platform, which is difficult to deploy in real network environment, we propose a real network environment-oriented LDoS attack detection method based on the time-frequency characteristics of traffic data. All the traffic data flowing through the Web server is obtained through the acquisition storage system, and the detection data set is constructed using pre-processing; the simple features of the flow fragments are used as input, and the deep neural network is used to learn the time-frequency domain features of normal traffic features and generate reconstructed sequences, and the LDoS attack is discriminated based on the differences between the reconstructed sequences and the input data in the time-frequency domain. The experimental results show that the proposed method can accurately detect the attack features in the flow fragments in a very short time and achieve high detection accuracy for complex and diverse LDoS attacks; since only the statistical features of the packets are used, there is no need to parse the packet data, which can be adapted to different network environments.