Title: HawkEye: An end-host method to detect the Low-rate Denial-of-Service attack of cross-traffic over bottleneck links
Authors: Fei Lei, Xianliang Jiang, Guang Jin, Dingxin Yu
Journal: Computer Networks, volume 257, Article 110951 (impact factor 4.4; JCR Q1, Computer Science, Hardware & Architecture)
Publication date: 2024-11-28
Publication type: Journal Article
DOI: 10.1016/j.comnet.2024.110951
URL: https://www.sciencedirect.com/science/article/pii/S1389128624007837
Open access: no
Citation count: 0
Abstract
The adaptive mechanisms of the Transmission Control Protocol (TCP) address network congestion and other unpredictable network conditions. They ensure the reliability of data transmission and the stability of the network. Unfortunately, the vulnerabilities in these adaptive mechanisms are targeted explicitly by low-rate denial-of-service (LDoS) attacks, which severely degrade network service quality. Only by modifying these protocols and addressing their vulnerabilities can one entirely prevent LDoS attacks. Although various improved TCP algorithms exist, they often fail to identify LDoS attacks accurately and, in some cases, may even reduce TCP performance. Furthermore, traditional LDoS attack detection methods rely on intermediate devices, which do not meet TCP’s end-to-end performance optimization needs. We introduce HawkEye, which moves the detection mechanism to the end hosts to address this issue. HawkEye uses an improved genetic algorithm to fine-tune the parameters of LightGBM on the sending host, integrating multiple network traffic features to detect LDoS attacks. Experimental results show that our proposed method achieves high accuracy, a high true positive rate, and a low false positive rate, successfully addressing the limitations of end-host detection of LDoS attacks and providing an innovative and effective solution for enhancing LDoS attack detection.
About the journal:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.