Abstract

In the frequency domain, the power spectrum of low-rate denial of service (LDoS) attacks is spread entirely within the spectrum of normal traffic, which makes it challenging to detect LDoS attack flows and filter them out of normal traffic. Based on an analysis of LDoS attack flows and legitimate TCP traffic in the time and frequency domains, the periodicity of TCP traffic and of LDoS attack flows is explored to facilitate research on network traffic processing. An approach to LDoS attack flow filtering based on frequency spectrum analysis is then proposed. In this approach, the TCP traffic and LDoS attack flows are transformed from the time domain into the frequency domain, and the round-trip time (RTT) is estimated using a frequency-domain search method. Analysis of the amplitude spectrum shows that TCP traffic energy is mainly concentrated at the points n/RTT. Therefore, a comb filter built from an infinite impulse response (IIR) filter is designed to filter out the LDoS attack flows in the frequency domain, while most of the legitimate TCP traffic energy at the points n/RTT passes through. Experimental results show that the maximum pass rate for legitimate TCP traffic reaches 92.55%, while the maximum filtration rate of LDoS attack flows reaches 81.36%. The proposed approach can effectively filter LDoS attack flows with little impact on legitimate TCP traffic.
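
An added example, not code from the paper: a feedback IIR comb filter whose passbands sit at multiples of 1/RTT, applied to constructed traffic to show why energy at n/RTT passes while off-harmonic energy is attenuated. The filter form, the coefficient `a`, the sample counts and both idealized pulse trains are assumptions chosen for illustration, and the RTT is taken as already estimated.

```python
# Feedback (IIR) comb filter with passbands at k/RTT, run on constructed signals.
# Assumptions: filter form, coefficient, and both traffic models are illustrative;
# the abstract does not give the paper's actual filter design or data.

def comb_filter(x, delay, a=0.9):
    """y[n] = (1-a)*x[n] + a*y[n-delay].

    Gain is 1 at frequencies k/delay (cycles per sample) and falls to
    (1-a)/(1+a) midway between those peaks.
    """
    y = [0.0] * len(x)
    for n, xn in enumerate(x):
        feedback = y[n - delay] if n >= delay else 0.0
        y[n] = (1.0 - a) * xn + a * feedback
    return y

def energy(sig):
    """Sum of squared samples."""
    return sum(v * v for v in sig)

def pulse_train(n_samples, period, width):
    """Rectangular pulses: 1.0 for `width` samples at the start of each period."""
    return [1.0 if n % period < width else 0.0 for n in range(n_samples)]

def pass_rates(n_samples=4000, rtt=10, attack_period=105, attack_width=15):
    """Return (tcp_pass_rate, attack_pass_rate) as output/input energy ratios.

    Constructed inputs: TCP modelled as a burst repeating every RTT samples,
    the attack as a wider pulse whose period is not a multiple of the RTT.
    """
    tcp = pulse_train(n_samples, rtt, 3)
    attack = pulse_train(n_samples, attack_period, attack_width)
    tcp_rate = energy(comb_filter(tcp, rtt)) / energy(tcp)
    attack_rate = energy(comb_filter(attack, rtt)) / energy(attack)
    return tcp_rate, attack_rate

if __name__ == "__main__":
    tcp_rate, attack_rate = pass_rates()
    print(f"TCP energy passed:    {tcp_rate:.1%}")
    print(f"Attack energy passed: {attack_rate:.1%}")
```

Most of the attack energy that survives in this constructed case is its DC component, which lies on the comb's k = 0 passband; the resulting rates come from these idealized signals and are not the paper's experimental figures.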