Skip to main content
SpringerLink
Log in

The use of statistical features for low-rate denial-of-service attack detection

  • Published:
Annals of Telecommunications Aims and scope Submit manuscript

Abstract

Low-rate denial-of-service (LDoS) attacks can significantly reduce network performance. These attacks involve sending periodic high-intensity pulse data flows, sharing similar harmful effects with traditional DoS attacks. However, LDoS attacks have different attack modes, making detection particularly challenging. The high level of concealment associated with LDoS attacks makes them extremely difficult to identify using traditional DoS detection methods. In this paper, we explore the potential of using statistical features for LDoS attack detection. Our results demonstrate the promising performance of statistical features in detecting these attacks. Furthermore, through ANOVA, mutual information, RFE, and SHAP analysis, we find that entropy and L-moment-based features play a crucial role in LDoS attack detection. These findings provide valuable insights into utilizing statistical features enhancing network security, thereby improving the overall resilience and stability of networks against various types of attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11

Similar content being viewed by others

Data Availability

No datasets were generated or analyzed during the current study.

References

  1. Fouladi RF, Ermiş O, Anarim E (2020) A DDoS attack detection and defense scheme using time-series analysis for SDN. J Inf Secur Appl 54

  2. Bhushan K, Gupta B (2018) Hypothesis test for low-rate DDoS attack detection in cloud computing environment. Procedia Comput Sci 132:947–955

    Article  Google Scholar 

  3. Siracusano M, Shiaeles S, Ghita B (2018) Detection of LDDoS attacks based on TCP connection parameters. In: 2018 Global Information Infrastructure and Networking Symposium (GIIS), pp. 1–6. IEEE

  4. Husain S, Kunz A, Song J (2022) 3G PP 5G core network: an overview and future directions. J Inf Commun Converg Eng. 20(1):8–15

    Google Scholar 

  5. Gaurav A, Gupta BB, Alhalabi W, Visvizi A, Asiri Y (2022) A comprehensive survey on DDoS attacks on various intelligent systems and it’s defense techniques. Int J Intell Syst 37(12):11407–11431

    Article  Google Scholar 

  6. Chen Z, Pham TND, Yeo CK, Lee BS, Lau CT (2017) FRRED: Fourier robust red algorithm to detect and mitigate LDoS attacks. In: 2017 Zooming Innovation in Consumer Electronics International Conference (ZINC), pp 13–17. IEEE

  7. Yue M, Liu L, Wu Z, Wang M (2018) Identifying LDoS attack traffic based on wavelet energy spectrum and combined neural network. Int J Commun Syst 31(2):3449

    Article  Google Scholar 

  8. Kayataş CE, Fouladi RF, Ermiş O, Anarim E (2018) Statistical measures: promising features for time series based DDoS attack detection. In: 2018 26th signal processing and communications applications conference (SIU), pp 1–4. IEEE

  9. Groeneveld RA, Meeden G (1984) Measuring skewness and kurtosis. Journal of the Royal Statistical Society: Series D (The Statistician) 33(4):391–399

    Google Scholar 

  10. Wehrl A (1978) General properties of entropy. Rev Mod Phys 50(2):221

    Article  MathSciNet  Google Scholar 

  11. Maftei C, Barbulescu A, Carsteanu AA (2016) Long-range dependence in the time series of Taiţa River discharges. Hydrol Sci J 61(9):1740–1747

    Article  Google Scholar 

  12. Hosking JR (1990) L-moments: analysis and estimation of distributions using linear combinations of order statistics. Journal of the Royal Statistical Society: Series B (Methodological) 52(1):105–124

    MathSciNet  Google Scholar 

  13. St L, Wold S et al (1989) Analysis of variance (ANOVA). Chemometr Intell Lab Syst 6(4):259–272

    Article  Google Scholar 

  14. Lall S, Sinha D, Ghosh A, Sengupta D, Bandyopadhyay S (2021) Stable feature selection using copula based mutual information. Pattern Recogn 112:107697

    Article  Google Scholar 

  15. Chen X-w, Jeong JC (2007) Enhanced recursive feature elimination. In: Sixth International Conference on Machine Learning and Applications (ICMLA 2007), pp 429–435. IEEE

  16. Lundberg S (2020) SHAP (SHapley Additive exPlanations)

  17. Boukhamla A, Gaviro JC (2021) Cicids 2017 dataset: performance improvements and validation as a robust intrusion detection system testbed. Int J Inf Comput Secur 16(1–2):20–32

    Google Scholar 

  18. Chen Z, Yeo CK, Lee BS, Lau CT (2018) Power spectrum entropy based detection and mitigation of low-rate DoS attacks. Comput Netw 136:80–94

    Article  Google Scholar 

  19. Wu Z-J, Zhang J-A, Yue M, Zhang C-F (2017) Approach of detecting low-rate dos attack based on combined features. J Commun 38(5):19–30

    Google Scholar 

  20. Zhang D, Tang D, Tang L, Dai R, Chen J, Zhu N (2019) PCA-SVM-based approach of detecting low-rate DoS attack. In: 2019 IEEE 21st international conference on high performance computing and communications; IEEE 17th international conference on Smart City; IEEE 5th international conference on Data Science and Systems (HPCC/SmartCity/DSS), pp 1163–1170. IEEE

  21. Yan Y, Tang D, Zhan S, Dai R, Chen J, Zhu N (2019) Low-rate DoS attack detection based on improved logistic regression. In: 2019 IEEE 21st international conference on high performance computing and communications; IEEE 17th international conference on Smart City; IEEE 5th international conference on Data Science and Systems (HPCC/SmartCity/DSS), pp 468–476 . IEEE

  22. Tang D, Yan Y, Dai R, Qin Z, Chen J, Zhang D (2022) A novel LDoS attack detection method based on reconstruction anomaly. Clust Comput 25(2):1373–1392

    Article  Google Scholar 

  23. Tang D, Chen J, Wang X, Zhang S, Yan Y (2022) A new detection method for LDoS attacks based on data mining. Futur Gener Comput Syst 128:73–87

    Article  Google Scholar 

  24. Shi W, Tang D, Zhan S, Qin Z, Wang X (2022) An approach for detecting LDoS attack based on cloud model. Front Comput Sci 16(6)

  25. Fouladi RF, Kayatas CE, Anarim E (2016) Frequency based DDoS attack detection approach using naive Bayes classification. In: 2016 39th international conference on Telecommunications and Signal Processing (TSP), pp 104–107. IEEE

  26. Fouladi RF, Ermiş O, Anarim E (2022) A DDoS attack detection and countermeasure scheme based on DWT and auto-encoder neural network for SDN. Comput Netw 214

  27. Zhang N, Jaafar F, Malik Y (2019) Low-rate DoS attack detection using PSD based entropy and machine learning. In: 2019 6th IEEE international conference on Cyber Security and Cloud computing (CSCloud)/2019 5th IEEE international conference on edge computing and scalable cloud (EdgeCom), pp 59–62. IEEE

  28. Agrawal N, Tapaswi S (2018) Low rate cloud DDoS attack defense method based on power spectral density analysis. Inf Process Lett 138:44–50

    Article  MathSciNet  Google Scholar 

  29. Brynielsson J, Sharma R (2015) Detectability of low-rate http server dos attacks using spectral analysis. In: Proceedings of the 2015 IEEE/ACM international conference on advances in social networks analysis and mining 2015, pp 954–961

  30. Fuladi R, Baykas T, Anarim E (2023) The use of statistical features for low-rate denial of service attack detection. In: 2023 2nd International Conference on 6G Networking (6GNet), pp 1–6. IEEE

  31. Næs T, Mevik B-H (2001) Understanding the collinearity problem in regression and discriminant analysis. Journal of Chemometrics: A Journal of the Chemometrics Society 15(4):413–426

    Article  Google Scholar 

Download references

Funding

This work was supported by the Scientific and Technological Research Council of Turkey (TUBITAK) through the 1515 Frontier Research and Development Laboratories Support Program under Project 5169902, and has been partly funded by the Hexa-X II project, which has received funding from the Smart Networks and Services Joint Undertaking (SNS JU) under the European Union’s Horizon Europe research and innovation program and Grant Agreement No 101095759.

Author information

Author notes

  1. Tuncer Baykas and Emin Anarim contributed equally to this work.

Authors and Affiliations

  1. Ericsson Research, Istanbul, Turkey

    Ramin Fuladi

  2. Kadir Has University, Istanbul, Turkey

    Tuncer Baykas

  3. Bogazici University, Istanbul, Turkey

    Emin Anarim

Authors
  1. Ramin Fuladi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tuncer Baykas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Emin Anarim
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

All authors contributed equally to the publication and reviewed the manuscript.

Corresponding author

Correspondence to Ramin Fuladi.

Ethics declarations

Conflict of interest

The authors declare no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Fuladi, R., Baykas, T. & Anarim, E. The use of statistical features for low-rate denial-of-service attack detection. Ann. Telecommun. (2024). https://doi.org/10.1007/s12243-024-01027-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s12243-024-01027-3

Keywords

Search

Navigation