Wang Jin, Wang Liping, Wang Ruiqing
College of Computer Science & Technology, Zhejiang University of Technology, Hangzhou 310023, China.
School of Mathematics, Zhengzhou University of Aeronautics, Zhengzhou 450046, China.
Math Biosci Eng. 2024 Feb 26;21(3):4187-4209. doi: 10.3934/mbe.2024185.
A low-rate distributed denial of service (LR-DDoS) attack is a special type of distributed denial of service (DDoS) attack. It exploits a vulnerability of the HTTP protocol by sending HTTP requests to applications or servers at a slow rate, which occupies server threads for long periods and affects normal access by legitimate users. Because LR-DDoS attacks do not need to flood the target or send a large number of HTTP requests, traditional intrusion detection methods have difficulty detecting them, especially when the HTTP traffic is encrypted. To overcome these problems, we proposed an encrypted LR-DDoS attack detection and mitigation method based on multi-granularity feature fusion (MFFLR-DDoS) for software-defined networking (SDN). The method analyzes the encrypted session flow in terms of the time sequence of packets and the spatiality of the session flow, and uses different deep learning methods to extract features, in order to obtain more effective features for abnormal traffic detection. In addition, we used the advantages of the SDN architecture to defend against LR-DDoS attacks in real time by having the SDN controller issue flow rules. The experimental results showed that the MFFLR-DDoS model had a higher detection rate than advanced methods and could mitigate LR-DDoS attack traffic online and in real time.