MF-CNN: a New Approach for LDoS Attack Detection Based on Multi-feature Fusion and CNN

  • Dan Tang
  • Liu TangEmail author
  • Wei Shi
  • Sijia Zhan
  • Qiuwei Yang


Low-rate denial-of-service (LDoS) attack reduce the performance of network services by periodically sending short-term and high-pulse packets. The behavior of LDoS attack is indistinguishable from normal traffic due to its low average rate. Many networks do not have an effective mechanism to deal with the threat from LDoS attack, including the emerging Internet of Things. When LDoS attack occurs, multiple features of network will change. It is difficult to describe the state of the whole network by one feature. So it needs many features to precisely represent the state of the network. In this paper, we propose a LDoS attack detection method based on multi-feature fusion and convolution neural network(CNN). In this method, we compute a variety of network features and fuse them into a feature map, which will be used to characterize the state of the network. CNN model is an excellent classification algorithm for image recognition in the field of deep learning. It can distinguish the difference between feature maps and detect the feature maps which contain LDoS attack. We validate and evaluate our method by conducting experiments on NS2 simulation platform and test-bed platform. The experimental results show that our method can detect LDoS attack effectively.


Convolution neural network Deep learning LDoS attack Multi-feature fusion 



This work was supported by National Natural Science Foundation of China (61772189, 61702173), and Hunan Provincial Natural Science Foundation of China (2019JJ40037).


  1. 1.
    Wen K, Hai YJ, Zhang B, University T (2014) Survey on Research and Progress of Low-Rate Denial of Service Attacks. J Softw 533(7):37Google Scholar
  2. 2.
    Yanxiang HE, Liu T, Cao Q, Xiong Q (2008) A survey of Low-rate Denial-of-Service attacks. J Frontiers Comput Sci TechnolGoogle Scholar
  3. 3.
    Somani G, Gaur MS, Sanghi D, Conti M (2016) DDoS attacks in cloud computing. Comput Netw Int J Comput Telecomm Netw 109(P2):157Google Scholar
  4. 4.
    Hameed S, Ahmed Khan H (2018) SDN Based Collaborative Scheme for Mitigation of DDoS Attacks. Future Internet 10(3):23CrossRefGoogle Scholar
  5. 5.
    Guan L, Guangjun HU, Wang Z (2016) Research on Network Security Situational Awareness Technology Based on Big Data. Netinfo SecurityGoogle Scholar
  6. 6.
    Jayanthi S, Kumar A (2015) RTO randomization for Low rate DOS attack on a Feedback controlled system. Int J Adv Res Comput Sci 6(2)Google Scholar
  7. 7.
    Litjens G, Kooi T, Bejnordi BE, Setio AAA, Ciompi F, Ghafoorian M, Van Der Laak JA, Van Ginneken B, Sánchez CI (2017) A survey on deep learning in medical image analysis. Medical Image Analysis 42:60CrossRefGoogle Scholar
  8. 8.
    LeCun Y, Bengio Y, Hinton G (2015) Deep learning. Nature 521(7553):436CrossRefGoogle Scholar
  9. 9.
    Zhang C, Cai Z, Chen W, Luo X, Yin J (2012) Flow level detection and filtering of low-rate DdoS. Comput Netw Int J Comput Telecomm Netw 56(15):3417Google Scholar
  10. 10.
    Wu Z, Zhang HT, Wang MH, Pei BS (2012) MSABMS-based approach of detecting LDoS attack. Comput Secur 31(4):402CrossRefGoogle Scholar
  11. 11.
    Wu Z, Zhang L, Yue M (2016) Low-Rate DoS Attacks Detection Based on Network Multifractal. IEEE Trans Dependable Secure Comput 13(5):559CrossRefGoogle Scholar
  12. 12.
    Şimşek M (2015) A new metric for flow-level filtering of low-rate DDoS attacks. Secur Commun Netw 8 (18):3815CrossRefGoogle Scholar
  13. 13.
    Agrawal N, Tapaswi S (2018) Low rate cloud DDoS attack defense method based on power spectral density analysis. Inform Process Lett 138:44–55MathSciNetCrossRefGoogle Scholar
  14. 14.
    Wu X, Tang D, Tang L, Man J, Zhan S, Liu Q (2018) A Low-Rate DoS Attack Detection Method Based on Hilbert Spectrum and Correlation. In: IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). IEEE, 2018, pp 1358–1363Google Scholar
  15. 15.
    Guo Y, Duan H, Chen J, Miao F (2016) MAF-SAM: An Effective Method to Perceive Data Plane Threats of Inter Domain Routing System. Comput Netw 110:69CrossRefGoogle Scholar
  16. 16.
    Yue M, Liu L, Wu Z, Wang M (2017) Identifying LDoS attack traffic based on wavelet energy spectrum and combined neural network. Int J Comm Sys 31(2)CrossRefGoogle Scholar
  17. 17.
    Wu Z, Jiang J, Yue M (2017) A Particle Filter-Based Approach for Effectively Detecting Low-Rate Denial of Service Attacks. In: International conference on cyber-enabled distributed computing and knowledge discovery, pp 86–90Google Scholar
  18. 18.
    Zhang X, Wu Z, Chen J, Yue M (2015) An adaptive KPCA approach for detecting LDoS attack. Int J Commun Sys 30:e2993CrossRefGoogle Scholar
  19. 19.
    Na W, Zhaoyang M, Liangchun Z (2015) Distributed denial of service convert flow detection based on data stream potential energy feature. Comput Eng 41(3):142Google Scholar
  20. 20.
    Tang D, Dai R, Tang L, Zhan S, Man J (2018) Low-Rate DoS Attack Detection Based on Two-Step Cluster Analysis. In: International conference on information and communications security. Springer, pp 92–104Google Scholar
  21. 21.
    Cotae P, Kang M, Velazquez A (2016) Spectral analysis of low rate of denial of service attacks detection based on fisher and Siegel tests. In: IEEE international conference on communications (ICC). IEEE, 2016, pp 1–6Google Scholar
  22. 22.
    Du X, Yang Y, Kang X (2008) Research of Applying Information Entropy and Clustering Technique on Network Traffic Analysis. In: International conference on computational intelligence and security, pp 472–476Google Scholar
  23. 23.
    Belsare SC (2016) Survey on Defeating Dos Attacks in Low Rate Networks Using Network Multifractal. Int J Res Comput Inform Technol 1:19–21Google Scholar
  24. 24.
    Chen W, An J, Li R, Li W (2017) Review on deep-learning-based cognitive computing. Acta Automat Sinica 43(11):1886zbMATHGoogle Scholar
  25. 25.
    Tang D, Chen K, Chen X, Liu H, Li X (2014) Adaptive EWMA Method based on abnormal network traffic for LDoS attacks. Mathematical Problems in Engineering 2014Google Scholar
  26. 26.
    Luo X, Chan EWW, Chang RKC (2006) Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks. In: Network operations and management symposium, 2006. NOMS 2006. Ieee/ifip, pp 507–518Google Scholar
  27. 27.
    Rahman MU, Rahman ZU, Fayaz M, Abbas S, Shahsani RK (2017) Performance analysis of TCP/AQM under Low-Rate Denial-of-Service Attacks. In: International conference on inventive computation technologies, pp 1–5Google Scholar
  28. 28.
    Chen Z, Pham TND, Chai KY, Bu SL, Lau CT (2017) FRRED: Fourier robust RED algorithm to detect and mitigate LDoS attacks. In: Zooming innovation in consumer electronics international conference, pp 13–17Google Scholar
  29. 29.
    Chen Y, Hwang K, Kwok YK (2005) Collaborative defense against periodic shrew DDoS attacks in frequency domain. In: ACM transactions on information and system security (TISSEC), p 30Google Scholar
  30. 30.
    Wu Z, Yue M (2008) Detection of LDDoS attack based on Kalman filtering. Acta Electronica Sinica 36 (8):1590e4Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2020

Authors and Affiliations

  1. 1.College of Computer Science and Electronic EngineeringHunan UniversityChangshaChina

Personalised recommendations