Detection of Pulsing DoS Attacks at Their Source Networks
Pulsing Denial of Service (PDoS) is a type of DoS attack. Its attacking behavior is intermittent rather than constant, which helps it avoid being detected. In this paper, an adaptive detection method is proposed for source-end detection of PDoS attacks. It has three distinctive features: (i) its detection statistic is based on the discrepancy in the aggregated outbound and inbound packets; (ii) a self-adaptive detection threshold adapts it quickly to the variations of network traffic and the latest detection result; (iii) random abnormalities in the normal network traffic can be filtered by consecutive accumulation of threshold violations. Experimental results show the minimum attack traffic that can be detected is less than 35% of the background traffic, under the requirements that probability of false alarms is less than 10-6, probability of a miss during an attack is less than 10-2 and detection delay is within 7 sampling periods.
Keywords: Pulsing DoS, Attack Detection, Adaptive Detection, Source-end Defense, Network Security.
Download Full-Text
ABOUT THE AUTHORS
Ming Yu
Ming Yu received the BS degree in electronics engineering in 1998 from Shandong University, China. He received the MS degree and Ph.D degree in information and telecommunication system in 2004 and 2008 from Xidian University, China. He is currently an associate professor in Dalian University of Technology, China. He is also a member of IEEE Computer Society. So far, he has 15 papers published in international journals. His research interests include network security, cloud computing and DoS defense.
Xiong-Wei Li
Xiong-wei Li received the BS degree in electronics engineering in 1998 from Wuhan Air Force Radar Academy, China. He received the MS degree and Ph.D degree in information and telecommunication system in 2004 and 2008 from Ordnance Engineering College, China. He is currently an associate professor in Ordnance Engineering College, China. He is also a member of IEEE Computer Society. So far, he has 10 papers published in international journals and conferences. His research interests include network security, and DoS defense.
Ming Yu
Ming Yu received the BS degree in electronics engineering in 1998 from Shandong University, China. He received the MS degree and Ph.D degree in information and telecommunication system in 2004 and 2008 from Xidian University, China. He is currently an associate professor in Dalian University of Technology, China. He is also a member of IEEE Computer Society. So far, he has 15 papers published in international journals. His research interests include network security, cloud computing and DoS defense.
Xiong-Wei Li
Xiong-wei Li received the BS degree in electronics engineering in 1998 from Wuhan Air Force Radar Academy, China. He received the MS degree and Ph.D degree in information and telecommunication system in 2004 and 2008 from Ordnance Engineering College, China. He is currently an associate professor in Ordnance Engineering College, China. He is also a member of IEEE Computer Society. So far, he has 10 papers published in international journals and conferences. His research interests include network security, and DoS defense.
