LDoS Attack Detection using PSO and K-means Algorithm

2021 
Low-rate Denial of Service (LDoS) attacks exploit vulnerabilities in the TCP protocol to launch periodic attacks, and they usually degrade service quality. Their short attack duration and low average attack traffic make them highly efficient and well concealed. Existing detection methods for this type of attack still fall short in accuracy. This paper proposes a method for detecting LDoS attacks using PSO and the K-means algorithm. The method first divides the detection time into multiple detection units, samples the traffic data of the data stream and summarizes the traffic characteristics in each detection unit, and then uses the K-means algorithm to calculate the clustering centers. To improve detection, the particle swarm optimization algorithm is used to perturb the clustering centers, which avoids the K-means algorithm's tendency to fall into a local optimum. Finally, the network features after clustering are compared with the anomalous features generated by LDoS attacks, and the relevant criteria are adopted to judge and subsequently verify the LDoS attacks. The experiments are carried out on multiple platforms and public datasets: the NS2 platform, a test-bed platform, the DARPA dataset, the LBNL dataset and the WIDE2018 dataset. The results of comparative experiments show that the proposed method performs better in effectively detecting LDoS attacks.
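The pipeline the abstract outlines, as an added sketch that is not the paper's code: K-means over per-unit traffic features, then PSO perturbing the centers against the same objective. The two features (normalized mean rate, variation), the sample units, the PSO parameters and the "lowest mean rate" decision rule are all assumptions made for illustration.

```python
import random
def d2(p, c):
    return sum((a - b) ** 2 for a, b in zip(p, c))

def sse(centers, pts):
    # K-means objective: squared distance of every unit to its nearest center.
    return sum(min(d2(p, c) for c in centers) for p in pts)

def kmeans(pts, centers, iters=20):
    for _ in range(iters):
        groups = [[] for _ in centers]
        for p in pts:
            groups[min(range(len(centers)), key=lambda j: d2(p, centers[j]))].append(p)
        centers = [tuple(sum(x) / len(g) for x in zip(*g)) if g else c
                   for g, c in zip(groups, centers)]
    return centers

def pso_refine(pts, start, rng, n=12, steps=40, w=0.7, c1=1.5, c2=1.5, sigma=0.1):
    # A particle is one flattened set of centers; particle 0 is the plain K-means
    # result, so the returned cost can never be worse than K-means alone.
    dim = len(start[0])
    unflat = lambda v: [tuple(v[i:i + dim]) for i in range(0, len(v), dim)]
    base = [x for c in start for x in c]
    pos = [base[:]] + [[x + rng.gauss(0, sigma) for x in base] for _ in range(n - 1)]
    vel = [[0.0] * len(base) for _ in pos]
    pbest = [p[:] for p in pos]
    pcost = [sse(unflat(p), pts) for p in pos]
    g = min(range(n), key=pcost.__getitem__)
    gbest, gcost = pbest[g][:], pcost[g]
    for _ in range(steps):
        for i, p in enumerate(pos):
            for d in range(len(p)):
                vel[i][d] = (w * vel[i][d] + c1 * rng.random() * (pbest[i][d] - p[d])
                             + c2 * rng.random() * (gbest[d] - p[d]))
                p[d] += vel[i][d]
            cost = sse(unflat(p), pts)
            if cost < pcost[i]:
                pbest[i], pcost[i] = p[:], cost
            if cost < gcost:
                gbest, gcost = p[:], cost
    return unflat(gbest), gcost

# Constructed sample: 10 normal units, then 10 attack units, as (mean rate, variation).
UNITS = ([(0.95 + 0.01 * i, 0.10 + 0.005 * i) for i in range(10)]
         + [(0.45 + 0.01 * i, 0.55 + 0.01 * i) for i in range(10)])

def detect(units=UNITS, seed=1):
    km = kmeans(units, [units[0], units[-1]])
    centers, cost = pso_refine(units, km, random.Random(seed))
    attack = min(centers)  # assumed criterion: the cluster with the lowest mean rate
    flagged = [i for i, u in enumerate(units) if d2(u, attack) == min(d2(u, c) for c in centers)]
    return flagged, cost, sse(km, units)
```

`detect()` returns the indices of the units assigned to the suspected attack cluster, the refined objective value, and the K-means-only objective for comparison.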