TY - JOUR
AU - Tang, Dan
AU - Dai, Rui
AU - Tang, Liu
AU - Li, Xiong
PY - 2020
DA - 2020/02/06
TI - Low-rate DoS attack detection based on two-step cluster analysis and UTR analysis
JO - Human-centric Computing and Information Sciences
SP - 6
VL - 10
IS - 1
AB - Low-rate denial of service (LDoS) attacks send attacking bursts intermittently to the network which can severely degrade the victim system’s Quality of Service (QoS). The low-rate nature of such attacks complicates attack detection. LDoS attacks repeatedly trigger the congestion control mechanism, which can make TCP traffic extremely unstable. This paper investigates the network traffic’s characteristics, in which variance and entropy are used to evaluate the TCP traffic’s characteristics, and the ratio of UDP traffic to TCP traffic (UTR) is also analyzed. Thus, a detection method combining two-step cluster analysis and UTR analysis is proposed. Through two-step cluster analysis which is one of the machine learning algorithms, network traffic is divided into multiple clusters and then clusters subjected to LDoS attacks are determined using UTR analysis. NS2 simulation platform and test-bed network environment aim to evaluate the detection approach’s performance. To better assess the effectiveness of the method, public dataset WIDE is also utilized. Experimental results with a good performance prove that the proposed detection approach can accurately detect LDoS attacks.
SN - 2192-1962
UR - https://doi.org/10.1186/s13673-020-0210-9
DO - 10.1186/s13673-020-0210-9
ID - Tang2020
ER -