HawkEye: An end-host method to detect the Low-rate Denial-of-Service attack of cross-traffic over bottleneck links

IF 4.4 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Fei Lei, Xianliang Jiang, Guang Jin, Dingxin Yu
Journal: Computer Networks, volume 257, Article 110951
Publication date: 2024-11-28
Publication type: Journal Article
DOI: 10.1016/j.comnet.2024.110951
URL: https://www.sciencedirect.com/science/article/pii/S1389128624007837
Citations: 0

Abstract

The adaptive mechanisms of the Transmission Control Protocol (TCP) address network congestion and other unpredictable network conditions. They ensure the reliability of data transmission and the stability of the network. Unfortunately, the vulnerabilities in these adaptive mechanisms are targeted explicitly by low-rate denial-of-service (LDoS) attacks, which severely degrade network service quality. Only by modifying these protocols and addressing their vulnerabilities can one entirely prevent LDoS attacks. Although various improved TCP algorithms exist, they often fail to identify LDoS attacks accurately and, in some cases, may even reduce TCP performance. Furthermore, traditional LDoS attack detection methods rely on intermediate devices, which do not meet TCP’s end-to-end performance optimization needs. We introduce HawkEye, which moves the detection mechanism to the end hosts to address this issue. HawkEye uses an improved genetic algorithm to fine-tune the parameters of LightGBM on the sending host, integrating multiple network traffic features to detect LDoS attacks. Experimental results show that our proposed method achieves high accuracy, a high true positive rate, and a low false positive rate, successfully addressing the limitations of end-host detection of LDoS attacks and providing an innovative and effective solution for enhancing LDoS attack detection.
Source journal
Computer Networks (Engineering Technology - Telecommunications)
CiteScore: 10.80
Self-citation rate: 3.60%
Articles published: 434
Review time: 8.6 months
Journal description: Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.