A New Detection Method based on AEWMA Algorithm for LDoS attacks

The Low-rate Denial of Service (LDoS) attack is a new type of DoS (Denial of Service) attack, which produces the similar harmful effect as the DoS attack. It is more difficult for existing DoS detection methods to detect the LDoS attacks because of their distinct characteristics, at the same time the accuracy of the current detection methods for the LDoS attacks is relatively low. However, when the LDoS attacks occur, the characteristics of the ACK traffic have special changes. As the fact that the LDoS attacks led to abnormal traffic and abnormal distribution of the ACK traffic, a new LDoS detection method is proposed based on coefficient of variation and AEWMA algorithm by measuring the abnormal characteristics of the ACK traffic. The NS2 simulations show that this method can detect LDoS attacks effectively with a low false-negative rate and falsepositive rate. Based on LBNL Datasets and MAWI Datasets, the experiment results show that this method is more efficient than the EWMA method.