Abstract
Low-rate denial-of-service (LDoS) attacks can significantly reduce network performance. These attacks involve sending periodic high-intensity pulse data flows, sharing similar harmful effects with traditional DoS attacks. However, LDoS attacks have different attack modes, making detection particularly challenging. The high level of concealment associated with LDoS attacks makes them extremely difficult to identify using traditional DoS detection methods. In this paper, we explore the potential of using statistical features for LDoS attack detection. Our results demonstrate the promising performance of statistical features in detecting these attacks. Furthermore, through ANOVA, mutual information, RFE, and SHAP analysis, we find that entropy and L-moment-based features play a crucial role in LDoS attack detection. These findings provide valuable insights into utilizing statistical features enhancing network security, thereby improving the overall resilience and stability of networks against various types of attacks.
Similar content being viewed by others
Data Availability
No datasets were generated or analyzed during the current study.
References
Fouladi RF, Ermiş O, Anarim E (2020) A DDoS attack detection and defense scheme using time-series analysis for SDN. J Inf Secur Appl 54
Bhushan K, Gupta B (2018) Hypothesis test for low-rate DDoS attack detection in cloud computing environment. Procedia Comput Sci 132:947–955
Siracusano M, Shiaeles S, Ghita B (2018) Detection of LDDoS attacks based on TCP connection parameters. In: 2018 Global Information Infrastructure and Networking Symposium (GIIS), pp. 1–6. IEEE
Husain S, Kunz A, Song J (2022) 3G PP 5G core network: an overview and future directions. J Inf Commun Converg Eng. 20(1):8–15
Gaurav A, Gupta BB, Alhalabi W, Visvizi A, Asiri Y (2022) A comprehensive survey on DDoS attacks on various intelligent systems and it’s defense techniques. Int J Intell Syst 37(12):11407–11431
Chen Z, Pham TND, Yeo CK, Lee BS, Lau CT (2017) FRRED: Fourier robust red algorithm to detect and mitigate LDoS attacks. In: 2017 Zooming Innovation in Consumer Electronics International Conference (ZINC), pp 13–17. IEEE
Yue M, Liu L, Wu Z, Wang M (2018) Identifying LDoS attack traffic based on wavelet energy spectrum and combined neural network. Int J Commun Syst 31(2):3449
Kayataş CE, Fouladi RF, Ermiş O, Anarim E (2018) Statistical measures: promising features for time series based DDoS attack detection. In: 2018 26th signal processing and communications applications conference (SIU), pp 1–4. IEEE
Groeneveld RA, Meeden G (1984) Measuring skewness and kurtosis. Journal of the Royal Statistical Society: Series D (The Statistician) 33(4):391–399
Wehrl A (1978) General properties of entropy. Rev Mod Phys 50(2):221
Maftei C, Barbulescu A, Carsteanu AA (2016) Long-range dependence in the time series of Taiţa River discharges. Hydrol Sci J 61(9):1740–1747
Hosking JR (1990) L-moments: analysis and estimation of distributions using linear combinations of order statistics. Journal of the Royal Statistical Society: Series B (Methodological) 52(1):105–124
St L, Wold S et al (1989) Analysis of variance (ANOVA). Chemometr Intell Lab Syst 6(4):259–272
Lall S, Sinha D, Ghosh A, Sengupta D, Bandyopadhyay S (2021) Stable feature selection using copula based mutual information. Pattern Recogn 112:107697
Chen X-w, Jeong JC (2007) Enhanced recursive feature elimination. In: Sixth International Conference on Machine Learning and Applications (ICMLA 2007), pp 429–435. IEEE
Lundberg S (2020) SHAP (SHapley Additive exPlanations)
Boukhamla A, Gaviro JC (2021) Cicids 2017 dataset: performance improvements and validation as a robust intrusion detection system testbed. Int J Inf Comput Secur 16(1–2):20–32
Chen Z, Yeo CK, Lee BS, Lau CT (2018) Power spectrum entropy based detection and mitigation of low-rate DoS attacks. Comput Netw 136:80–94
Wu Z-J, Zhang J-A, Yue M, Zhang C-F (2017) Approach of detecting low-rate dos attack based on combined features. J Commun 38(5):19–30
Zhang D, Tang D, Tang L, Dai R, Chen J, Zhu N (2019) PCA-SVM-based approach of detecting low-rate DoS attack. In: 2019 IEEE 21st international conference on high performance computing and communications; IEEE 17th international conference on Smart City; IEEE 5th international conference on Data Science and Systems (HPCC/SmartCity/DSS), pp 1163–1170. IEEE
Yan Y, Tang D, Zhan S, Dai R, Chen J, Zhu N (2019) Low-rate DoS attack detection based on improved logistic regression. In: 2019 IEEE 21st international conference on high performance computing and communications; IEEE 17th international conference on Smart City; IEEE 5th international conference on Data Science and Systems (HPCC/SmartCity/DSS), pp 468–476 . IEEE
Tang D, Yan Y, Dai R, Qin Z, Chen J, Zhang D (2022) A novel LDoS attack detection method based on reconstruction anomaly. Clust Comput 25(2):1373–1392
Tang D, Chen J, Wang X, Zhang S, Yan Y (2022) A new detection method for LDoS attacks based on data mining. Futur Gener Comput Syst 128:73–87
Shi W, Tang D, Zhan S, Qin Z, Wang X (2022) An approach for detecting LDoS attack based on cloud model. Front Comput Sci 16(6)
Fouladi RF, Kayatas CE, Anarim E (2016) Frequency based DDoS attack detection approach using naive Bayes classification. In: 2016 39th international conference on Telecommunications and Signal Processing (TSP), pp 104–107. IEEE
Fouladi RF, Ermiş O, Anarim E (2022) A DDoS attack detection and countermeasure scheme based on DWT and auto-encoder neural network for SDN. Comput Netw 214
Zhang N, Jaafar F, Malik Y (2019) Low-rate DoS attack detection using PSD based entropy and machine learning. In: 2019 6th IEEE international conference on Cyber Security and Cloud computing (CSCloud)/2019 5th IEEE international conference on edge computing and scalable cloud (EdgeCom), pp 59–62. IEEE
Agrawal N, Tapaswi S (2018) Low rate cloud DDoS attack defense method based on power spectral density analysis. Inf Process Lett 138:44–50
Brynielsson J, Sharma R (2015) Detectability of low-rate http server dos attacks using spectral analysis. In: Proceedings of the 2015 IEEE/ACM international conference on advances in social networks analysis and mining 2015, pp 954–961
Fuladi R, Baykas T, Anarim E (2023) The use of statistical features for low-rate denial of service attack detection. In: 2023 2nd International Conference on 6G Networking (6GNet), pp 1–6. IEEE
Næs T, Mevik B-H (2001) Understanding the collinearity problem in regression and discriminant analysis. Journal of Chemometrics: A Journal of the Chemometrics Society 15(4):413–426
Funding
This work was supported by the Scientific and Technological Research Council of Turkey (TUBITAK) through the 1515 Frontier Research and Development Laboratories Support Program under Project 5169902, and has been partly funded by the Hexa-X II project, which has received funding from the Smart Networks and Services Joint Undertaking (SNS JU) under the European Union’s Horizon Europe research and innovation program and Grant Agreement No 101095759.
Author information
Authors and Affiliations
Contributions
All authors contributed equally to the publication and reviewed the manuscript.
Corresponding author
Ethics declarations
Conflict of interest
The authors declare no competing interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Fuladi, R., Baykas, T. & Anarim, E. The use of statistical features for low-rate denial-of-service attack detection. Ann. Telecommun. (2024). https://doi.org/10.1007/s12243-024-01027-3
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s12243-024-01027-3