Abstract

Low-rate denial-of-service (LDoS) attack is a new kind of network attack with low average attack traffic and high concealment. The current detection methods for LDoS attacks have some deficiencies, such as low detection efficiency, high false positive rate and false negative rate, and weak generalization, etc. By analyzing the phenomenon of network under LDoS attack and extracting the characteristics of TCP flow, this paper proposes an LDoS attack detection method combining with Principal Component Analysis (PCA) and Support Vector Machine (SVM). In order to filter the noise interference in the complex environment and to extract the main features of the sampling time slice effectively and reduce the dimension of calculation, this paper uses PCA algorithm to extract the principal components of the original flow data. Then, by using SVM algorithm to solve the model of the optimal hyperplane, the test data is classified and predicted, and finally realize the detection of LDoS attacks. Experimental results on NS2 and test-bed show that, compared with other methods, this approach is able to detect LDoS attacks more accurately, with l higher detection rate, lower false positive rate, false negative rate and certain generalization performance.