Similar literature
Found 20 similar documents (search time: 62 ms)
1.
Low-rate denial-of-service (LDoS) attack is a new type of attack mode for TCP protocol. Characteristics of low average rate and strong concealment make it difficult for detection by traditional DoS detecting methods. According to characteristics of LDoS attacks, a new LDoS queue feature was proposed from the router queue, the kernel principal component analysis (KPCA) method was combined with neural network, and a new method was presented to detect LDoS attacks. The method reduced the dimensionality of queue feature via KPCA algorithm and made the reduced dimension data as the inputs of neural network. For the good self-learning ability, BP neural network could generate a great LDoS attack classifier and this classifier was used to detect the attack. Experiment results show that the proposed approach has the characteristics of effectiveness and low algorithm complexity, which helps the design of high performance router.

2.
As a special type of denial of service (DoS) attacks, the TCP‐targeted low‐rate denial of service (LDoS) attacks have the characteristics of low average rate and strong concealment, so it is difficult to identify such attack traffic. As multifractal characteristics exist in network traffic, a new identification approach based on wavelet transform and combined neural network is proposed to classify normal network traffic and LDoS attack traffic. Wavelet energy spectrum coefficients extracted from the sampled traffic are used for multifractal analysis of traffic over different time scale. The combined neural network is designed to classify these multiscale spectrum coefficients that show different multifractal characteristics belonging to normal network traffic and LDoS attack traffic. Test results of test‐bed experiments indicate that the proposed approach can identify LDoS attack traffic accurately.

3.
Low-rate denial of service (LDoS) attack is a potential security threat to big data centers and cloud computing platforms because of its strong concealment. Based on the analysis of network traffic during the LDoS attack, statistical analysis was given of ACK packets returned by the data receiver to the sender, and the result reveals that the sequence number step had the characteristics of volatility during the LDoS attack. The permutation entropy method was adopted to extract the characteristics of volatility. Hence, an LDoS attack detection method based on ACK serial number step permutation entropy was proposed. The serial number was sampled and the step length was calculated through collecting the ACK packets received at the sender end. Then, the permutation entropy algorithm with strong time sensitivity was used to detect the mutation step time, and achieve the goal of detecting LDoS attack. A test-bed was designed and built in the actual network environment for the purpose of verifying the proposed approach performance. Experimental results show that the proposed approach has better detection performance and has achieved better detection effect.

4.
As a new type of Denial of Service (DoS) attacks, the Low-rate Denial of Service (LDoS) attacks make the traditional method of detecting Distributed Denial of Service (DDoS) attacks useless due to the characteristics of a low average rate and concealment. With features extracted from the network traffic, a new detection approach based on multi-feature fusion is proposed to solve the problem in this paper. An attack feature set containing the Acknowledge character (ACK) sequence number, the packet size, and the queue length is used to classify normal and LDoS attack traffic. Each feature is digitalized and preprocessed to fit the input of the K-Nearest Neighbor (KNN) classifier separately, and to obtain the decision contour matrix. Then a posteriori probability in the matrix is fused, and the fusion decision index D is used as the basis of detecting the LDoS attacks. Experiments proved that the detection rate of the multi-feature fusion algorithm is higher than those of the single-based detection method and other algorithms.

5.
Low‐rate denial‐of‐service (LDoS) attack sends out attack packets at low‐average rate of traffic flow in short time. It is stealthier than traditional DoS attack, which makes detection of LDoS extremely difficult. In this paper, an adaptive kernel principal component analysis method is proposed for LDoS attack detection. The network traffic flow is extracted through wavelet multi‐scale analysis. An adaptive kernel principal component analysis method is adopted to detect LDoS attack through the squared prediction error statistics. Key parameters such as the parameter of the radial basis function, the number of principal components, and the squared prediction error confidence limit are adaptively trained with training data and updated with the network environment. Simulation is accomplished in NS‐2 environment, and results prove the favorable LDoS attack detection efficiency by the proposed approach. Copyright © 2015 John Wiley & Sons, Ltd.

6.
Low‐rate Denial of Service (LDoS) is a new type of TCP‐targeted attacks, which attempt to deny bandwidth to TCP flows while sending at sufficiently low‐average rate to elude detection of DoS defense system. Therefore, LDoS attacks are difficult to be detected by routers and counter‐DoS mechanisms. In this paper, an approach of detecting LDoS attacks is proposed by using the technology of signal processing based on the model of spectral energy distribution probability. The proposed approach calculates variances between the incoming traffic of normal TCP and attack flows to a server by using packet sampling sequence within a certain period. The network traffic is converted from the time domain to the frequency domain forming a spectral signal, and the distribution probability of spectral energy is estimated based on spectrum characteristics of rectangular pulses. This approach explores that the energy of LDoS attacks is mostly distributed in the main lobe width while that of normal TCP traffic is just concentrated near zero in frequency domain. Both the spectral energy of normal TCP traffic and LDoS attacks distributed in main lobe are calculated, and an energy threshold is set as decision value based on statistical results according to energy distribution properties. The existence of LDoS attacks is determined and detected by comparing calculated variances with the preset decision threshold value. Tests on the detection performance of the proposed approach were performed in NS‐2 simulation environment, and detection rate was obtained by Hypothesis test. Experiment results show that the proposed approach has higher detection accuracy and less computation consuming. Copyright © 2014 John Wiley & Sons, Ltd.

7.
Low-rate denial-of-service attack detection method based on signal cross-correlation   Cited by: 1 (self-citations: 0, citations by others: 1)
吴志军  李光  岳猛 《电子学报》2014,42(9):1760-1766
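The low-rate denial-of-service (LDoS) attack is an attack mode that exploits a vulnerability in the TCP/IP protocols and uses intensive periodic pulses. Considering the timing relationship with which distributed LDoS attack pulses arrive at the target, this paper proposes an LDoS attack detection method based on cross-correlation. The method computes the correlation between a constructed detection sequence and the sampled network traffic sequence to obtain a correlation sequence, uses a cross-correlation algorithm based on circular convolution to calculate the precise time at which attack pulses arrive at a specific attack target through different transmission channels, estimates the period parameter of the LDoS attack using an aperiodic single-pulse prediction technique, extracts the correlation feature of the LDoS attack pulse duration, and designs a decision threshold rule. Experimental results show that the LDoS attack detection method based on signal cross-correlation has good detection performance.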

8.
Low‐rate denial of service (LDoS) attacks reduce throughput and degrade quality of service (QoS) of network services by sending out attack packets with relatively low average rate. LDoS attack flows are difficult to detect from normal traffic since it has the property of low average rate. The research on network traffic analysis and modeling shows that network traffic measurement data are irregular nonlinear time series. To characterize and analyze network traffic between attack and non‐attack situations, the adaptive normal and abnormal ν‐support vector regression (ν‐SVR) prediction models are constructed on the basis of the reconstructed phase space. In this paper, the dimension of reconstructed phase space for ν‐SVR is optimized by Bayesian information criteria method, and the parameter in the radial basis function is adaptively adjusted by minimizing the within‐class distance and maximizing the between‐class distance in the feature space. The nonthreshold decision function is obtained through calculating the prediction error of adaptive normal and abnormal ν‐SVR prediction models, which is adopted to detect LDoS attacks. Experiments in NS‐2 environment show that the adaptive ν‐SVR prediction model can effectively predict the network traffic measurement time series, and the probability distribution of time series generated by the adaptive ν‐SVR prediction model is quite similar to that of the network traffic measurement data. Experiments also clearly demonstrate the superiority of the proposed approach in LDoS attacks detection.

9.
Research on an LDoS attack detection method based on a small-signal detection model   Cited by: 2 (self-citations: 0, citations by others: 2)
吴志军  裴宝崧 《电子学报》2011,39(6):1456-1460
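Low-rate denial of service (LDoS) is a new type of DoS attack targeting the TCP protocol. The average traffic of an LDoS attack is only 10-20% of normal traffic; it has a distinct periodic small-signal characteristic and is highly concealed. Detecting LDoS attacks has therefore become a difficult problem in network security research. Using digital signal processing (DSP) techniques and small-signal detection theory, this paper proposes an LDoS attack detection method based on a small-signal model. The method constructs an eigenvalue estimation matrix and counts the number of packets arriving within 30 seconds (3000 sampling points); the count is compared with a preset decision eigenvalue threshold as the basis for judging whether an LDoS attack is present. If the judgment holds, the period of the LDoS attack can be calculated fairly accurately from the eigenvalue estimation matrix. Simulation results in the NS-2 environment show that the proposed method has a high LDoS attack detection rate.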

10.
岳猛  张才峰  吴志军 《信号处理》2015,31(11):1454-1460
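Since low-rate denial of service (LDoS) attacks have a low average rate and strong concealment, an LDoS attack detection method based on a hidden Markov model is proposed. First, a hidden Markov model of the network state is built, and the detection results of the normalized cumulative power spectrum density (NCPSD) method are used as the observations of the hidden Markov model. The forward algorithm is used to obtain the similarity of different observation sequences under the model, which serves as the basis for detection. The detection method was tested in NS-2; experimental results show that the method can effectively detect LDoS attacks and has better detection performance than other methods. A detection rate of 99.96% was obtained by hypothesis testing.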

11.
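Based on the periodic pulse-burst characteristic of LDoS attacks, a low-rate denial-of-service attack detection method based on Haar wavelet feature extraction is proposed. The method uses signal processing techniques to analyze network traffic and extract feature indicators, and diagnoses network traffic comprehensively through wavelet multi-scale analysis, which considerably reduces the interference of legitimate users' background traffic with attack feature extraction. NS-2 simulation results show that the method has a high detection rate, consumes few computing resources, and has good value for theoretical research and practical use.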

12.
李斌  王恩成 《电子测试》2013,(10):36-39
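An algorithm combining wavelet packet analysis with a BP (back propagation) neural network is studied for application to alumina clinker detection. The sound signals produced when alumina clinker in a rotary kiln falls and strikes the kiln wall are collected, feature vectors are extracted by wavelet packet analysis, and a BP neural network model is proposed based on the correspondence between the sintering condition of the alumina and the feature vectors of the sound signals. Test samples were verified with MATLAB; the results show that the BP neural network model is feasible for alumina clinker detection and achieves a certain accuracy.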

13.
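The effect of LDoS attacks on the average packet size in the buffer queue (ASPQ) is analyzed, and the change in the average queue packet size under attack is obtained through experiments. On this basis, an ASPQ-based LDoS attack detection method is proposed and applied to currently typical queue management algorithms (Droptail and RED). Finally, experiments show that the method can effectively detect LDoS attacks.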

14.
DDoS attack detection based on SNMP and neural networks   Cited by: 1 (self-citations: 1, citations by others: 0)
吕涛  禄乐滨 《通信技术》2009,42(3):189-191
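DDoS (Distributed Denial of Service) has become a serious threat to computer network security. The key to DDoS attack detection is to find features that reflect the difference between attack flows and normal flows, and to design simple, efficient algorithms for real-time detection. By analyzing the characteristics of the attacks, 15 detection features based on SNMP (Simple Network Management Protocol) are identified. Using the efficient computing performance of the BP neural network, a DDoS attack detection model based on SNMP and neural networks is designed, improving the real-time performance and accuracy of detection. Experiments show that the detection model achieves good detection results for many kinds of DDoS attacks.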

15.
In view of the characteristics of internal fixed business logic, inbound and outbound network access behavior, two classes and four kinds of abnormal behaviors were defined firstly, and then a multi-step attack detection method was proposed based on network communication anomaly recognition. For abnormal sub-graphs and abnormal communication edges detection, graph-based anomaly analysis and wavelet analysis method were respectively proposed to identify abnormal behaviors in network communication, and detect multi-step attacks through anomaly correlation analysis. Experiments are carried out on the DARPA 2000 data set and LANL data set to verify the results. The experimental results show that the proposed method can effectively detect and reconstruct multi-step attack scenarios. The proposed method can effectively monitor multi-step attacks including unknown feature types. It provides a feasible idea for detecting complex multi-step attack patterns such as APT. And the network communication graph greatly reduces the data size; it is suitable for large-scale enterprise network environments.

16.
Face detection based on Gabor wavelets and neural networks   Cited by: 1 (self-citations: 0, citations by others: 1)
刘伟  朱浩  刘吉邦  孙一 《通信技术》2009,42(2):191-192
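The paper proposes a frontal face detection method based on Gabor filter features. The algorithm first exploits the good spatial position and orientation selectivity of the Gabor filter, using Gabor filters in four orientations to extract features from face sample images, which are then fed into a neural network for training. Experimental results show that the method is very effective.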

17.
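To address problems such as poor prediction accuracy and long computation time in short-term power load forecasting, an extreme learning machine (ELM) short-term power load forecasting method is proposed that uses a self-organizing feature map network for feature extraction of similar days. The self-organizing feature map network is used to find historical data of the same type as the forecast day to serve as training samples, and an ELM network, which has strong predictive ability and short computation time, is used for forecasting. A simulation is carried out with the power load data of a city, and the method is compared with a traditional neural network. The simulation example shows that the ELM method based on feature extraction of similar days has high prediction accuracy, good generalization performance, and short running time.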

18.
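Speaker recognition extracts a speaker's individual characteristics from a segment of the speaker's speech and, by analyzing and recognizing these characteristics, identifies or verifies the speaker. A neural network is a distributed parallel processing network model based on nonlinear theory; it has strong pattern classification ability and robustness to incomplete information, and offers a distinctive approach to speaker recognition. BP (Back-propagation Neural Network) is a training algorithm for non-recurrent multi-layer networks consisting of an input layer, an output layer, and N hidden layers. The paper first gives an overview of speech recognition technology and introduces the 7 steps of the BP neural network training process, its model, and how to build a BP neural network model. It also introduces the extraction of the related feature parameters and the training and recognition process of the neural network. Finally, speaker identity recognition is implemented by programming on a Linux system.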

19.
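An image edge detection method based on neural networks   Cited by: 2 (self-citations: 0, citations by others: 2)
This paper proposes a method for image edge detection using a combined neural network. The combined neural network consists of a self-organizing competitive neural network and a BP neural network; combined with a genetic algorithm, it can perform image edge detection through learning and training.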

20.
Regardless of the developments of networking and communication technologies, security is without exception a predominant feature to ensure network reliability. The future sixth-generation (6G) network is anticipated to be carried out with artificial intelligence (AI) powered communication via machine learning (ML), post-quantum cryptography, and so on. AI-powered communication has been in recent years utilized in enhancing network traffic performance with respect to resource management, optimal frequency spectrum design, security, and latency. The studies of modern wireless communications and anticipated features of 6G networks revealed a prerequisite for designing a trustworthy attack detection mechanism. In this work, a method called, Luong Attention and Hosmer Lemeshow Regression Window-based (LA-HLRW) attack detection in 6G is proposed. Initially, with the raw Botnet Attack dataset obtained as input, preprocessing is performed to normalize network traffic features. Next, the dimensionality of network traffic feature of large-scale network traffic data is reduced using the Luong Attention integrated with Long Short Term Memory (LSTM)-based Feature extraction model. Finally, with the objective of classifying network traffic samples for attack detection in 6G, we analyze the low dimensional network traffic feature set produced by Luong Attention integrated with LSTM using the Hosmer Lemeshow Logistic Regression Window-based Attack Detection model. Extensive experiments are performed with the Botnet Attack dataset to validate the efficiency of the proposed LA-HLRW method by using different parameters such as attack detection accuracy, attack detection time, precision, and recall. The overall analysis of proposed LA-HLRW results significantly reduced the attack detection time by 24%, and additionally improved attack detection accuracy, precision, and recall by 5%, 5%, and 6% as compared to existing attack detection methods respectively.
