On the Detection of Low-Rate Denial of Service Attacks at Transport and Application Layers
| dc.contributor.author | Vedula, Vasudha | |
| dc.contributor.author | Lama, Palden | |
| dc.contributor.author | Boppana, Rajendra V. | |
| dc.contributor.author | Trejo, Luis A. | |
| dc.date.accessioned | 2021-09-09T13:39:00Z | |
| dc.date.available | 2021-09-09T13:39:00Z | |
| dc.date.issued | 2021-08-30 | |
| dc.date.updated | 2021-09-09T13:39:00Z | |
| dc.description.abstract | Distributed denial of service (DDoS) attacks aim to deplete the network bandwidth and computing resources of targeted victims. Low-rate DDoS attacks exploit protocol features such as the transmission control protocol (TCP) three-way handshake mechanism for connection establishment and the TCP congestion-control induced backoffs to attack at a much lower rate and still effectively bring down the targeted network and computer systems. Most of the statistical and machine/deep learning-based detection methods proposed in the literature require keeping track of packets by flows and have high processing overheads for feature extraction. This paper presents a novel two-stage model that uses Long Short-Term Memory (LSTM) and Random Forest (RF) to detect the presence of attack flows in a group of flows. This model has a very low data processing overhead; it uses only two features and does not require keeping track of packets by flows, making it suitable for continuous monitoring of network traffic and on-the-fly detection. The paper also presents an LSTM Autoencoder to detect individual attack flows with high detection accuracy using only two features. Additionally, the paper presents an analysis of a support vector machine (SVM) model that detects attack flows in slices of network traffic collected for short durations. The low-rate attack dataset used in this study is made available to the research community through GitHub. | |
| dc.description.department | Computer Science | |
| dc.identifier | doi: 10.3390/electronics10172105 | |
| dc.identifier.citation | Electronics 10 (17): 2105 (2021) | |
| dc.identifier.uri | https://hdl.handle.net/20.500.12588/677 | |
| dc.rights | Attribution 4.0 United States | |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | |
| dc.subject | deep learning models | |
| dc.subject | distributed denial of service attacks | |
| dc.subject | HTTP slow-read attacks | |
| dc.subject | machine learning models | |
| dc.subject | network security | |
| dc.subject | TCP SYN floods | |
| dc.title | On the Detection of Low-Rate Denial of Service Attacks at Transport and Application Layers | |
| dc.type | Article |