Low-rate denial of service (LDoS) attacks reduce throughput and degrade quality of service (QoS) of network services by sending out attack packets with relatively low average rate. LDoS attack flows are difficult to detect from normal traffic since it has the property of low average rate. The research on network traffic analysis and modeling shows that network traffic measurement data are irregular nonlinear time series. To characterize and analyze network traffic between attack and non-attack situations, the adaptive normal and abnormal -support vector regression (-SVR) prediction models are constructed on the basis of the reconstructed phase space. In this paper, the dimension of reconstructed phase space for -SVR is optimized by Bayesian information criteria method, and the parameter in the radial basis function is adaptively adjusted by minimizing the within-class distance and maximizing the between-class distance in the feature space. The nonthreshold decision function is obtained through calculating the prediction error of adaptive normal and abnormal -SVR prediction models, which is adopted to detect LDoS attacks. Experiments in NS-2 environment show that the adaptive -SVR prediction model can effectively predict the network traffic measurement time series, and the probability distribution of time series generated by the adaptive -SVR prediction model is quite similar to that of the network traffic measurement data. Experiments also clearly demonstrate the superiority of the proposed approach in LDoS attacks detection.

• 出版日期2018-3-25
• 单位中国民航大学