Two-Layer Approach for Mixed High-Rate and Low-Rate Distributed Denial of Service (DDoS) Attack Detection and Filtering

  • S. Toklu
  • M. Şimşek
Research Article - Computer Engineering and Computer Science


Distributed denial of service (DDoS) attacks are one of the most important attacks due to reducing the performance of computer networks nowadays. In recent years, the number of devices connected to the internet has been increasing. These devices are not only computers, but also objects of everyday use. The concept of internet has accelerated the increase considerably. Therefore, many problems arise in terms of DDoS attacks. One of them is low-rate DDoS attacks. While high-rate DDoS attacks are often performed with computers, low-rate DDoS attacks can be easily performed by computers and internet-connected objects. Therefore, effective defense mechanism against both attacks must be developed. In this study, new approaches are proposed to filter mixed high-rate DDoS and low-rate DDoS attacks. The ns-2 simulation tool was used to evaluate the performance of the proposed methods. Experimental results show that the proposed methods are successfully filtered mixed DDoS attacks.


Network-level security and protection Security Distributed denial of service attacks QoS Intrusion detection system 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Gui, L.; Zhou, Y.; Xu, R.; He, Y.; Lu, Q.: Learning representations from heterogeneous network for sentiment classification of product reviews. Knowl. Based Syst. 124, 34–45 (2017)CrossRefGoogle Scholar
  2. 2.
    Zhi-Jun, W.; Hai-Tao, Z.; Ming-Hua, W.; Bao-Song, P.: MSABMS-based approach of detecting LDoS attack. Comput. Secur. 31(4), 402–417 (2012)CrossRefGoogle Scholar
  3. 3.
    Ding, K.; Li, Y.; Quevedo, D.E.; Dey, S.; Shi, L.: A multi-channel transmission schedule for remote state estimation under DoS attacks. Automatica 78, 194–201 (2017)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Bhuyan, M.H.; Bhattacharyya, D.K.; Kalita, J.K.: An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recognit. Lett. 51, 1–7 (2015)CrossRefGoogle Scholar
  5. 5.
    Fouladi, R.F.; Kayatas, C.E.; Anarim, E.: Frequency based DDoS attack detection approach using naive Bayes classification, In: 2016 39th International Conference on Telecommunications and Signal Processing (TSP), pp. 104–107 (2016)Google Scholar
  6. 6.
    Chen, Y.; Hwang, K.: Collaborative detection and filtering of shrew DDoS attacks using spectral analysis. J. Parallel Distrib. Comput. 66(9), 1137–1151 (2006)CrossRefzbMATHGoogle Scholar
  7. 7.
    Zhang, C.; Cai, Z.; Chen, W.; Luo, X.; Yin, J.: Flow level detection and filtering of low-rate DDoS. Comput. Netw. 56(15), 3417–3431 (2012)CrossRefGoogle Scholar
  8. 8.
    Şimşek, M.: A new metric for flow-level filtering of low-rate DDoS attacks. Secur. Commun. Netw. 8(18), 3815–3825 (2015)CrossRefGoogle Scholar
  9. 9.
    Mirkovic, J.; Reiher, P.: D-WARD: a source-end defense against flooding denial-of-service attacks. IEEE Trans. Dependable Secur. Comput. 2(3), 216–232 (2005)CrossRefGoogle Scholar
  10. 10.
    Bhuyan, M.H.; Kalwar, A.; Goswami, A.; Bhattacharyya, D.K.; Kalita, J.K.: Low-rate and high-rate distributed DoS attack detection using partial rank correlation. In: Proceedings of 2015 5th International Conference on Communications Systems and Network Technologies CSNT 2015, pp. 706–710 (2015)Google Scholar
  11. 11.
    Wu, Z.J.; Lei, J.; Yao, D.; Wang, M.H.; Musa, S.M.: Chaos-based detection of LDoS att acks. J. Syst. Softw. 86(1), 211–221 (2013)CrossRefGoogle Scholar
  12. 12.
    Shin, S.; Kim, K.; Jang, J.: D-SAT: Detecting SYN flooding attack by two-stage statistical approach. In: Proceedings of International on Symposium on Applications and Internet, pp. 430–436 (2005)Google Scholar
  13. 13.
    Luo, J.; Yang, X.; Wang, J.; Xu, J.; Sun, J.; Long, K.: On a mathematical model for low-rate shrew DDoS. IEEE Trans. Inf. Forensics Secur. 9(7), 1069–1083 (2014)CrossRefGoogle Scholar
  14. 14.
    Li, H.; Zhu, J.; Wang, Q.; Zhou, T.; Qiu, H.; Li, H.: LAAEM: a method to enhance LDoS attack. IEEE Commun. Lett. 20(4), 708–711 (2016)CrossRefGoogle Scholar
  15. 15.
    Yue, M.; Wu, Z.; Wang, M.: A new exploration of FB-shrew attack. IEEE Commun. Lett. 20(10), 1987–1990 (2016)CrossRefGoogle Scholar
  16. 16.
    Luo, J.; Yang, X.: The NewShrew attack: a new type of low-rate TCP-targeted DoS attack. In: IEEE International Conference on Communications (ICC), vol. 2014, pp. 713–718 (2014)Google Scholar
  17. 17.
    Chonka, A.; Singh, J.; Zhou, W.: Chaos theory based detection against network mimicking DDoS attacks. Communications 13(9), 717–719 (2009)Google Scholar
  18. 18.
    François, J.; Aib, I.; Boutaba, R.: FireCol: A collaborative protection network for the detection of flooding DDoS attacks. IEEE/ACM Trans Netw (TON) 20(6), 1828–1841 (2012)CrossRefGoogle Scholar
  19. 19.
    Tao, Y.; Yu, S.: DDoS attack detection at local area networks using information theoretical metrics. In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 233–240 (2013)Google Scholar
  20. 20.
    Ma, X.; Chen, Y.: DDoS detection method based on chaos analysis of network traffic entropy. IEEE Commun. Lett. 18(1), 114–117 (2014)CrossRefGoogle Scholar

Copyright information

© King Fahd University of Petroleum & Minerals 2018

Authors and Affiliations

  1. 1.Department of Computer Engineering, Faculty of EngineeringDüzce UniversityDüzceTurkey

Personalised recommendations