WEDMS: An advanced mean shift clustering algorithm for LDoS attacks detection

Abstract Network and communication security are the focus of attention. Low-rate denial of service (LDoS) attacks exploit deficiencies of TCP protocol to restrain TCP throughput and network quality of links, by sending pulse sequences periodically. It is difficult for the defense against LDoS attacks by the available DoS attacks detection methods, due to the low average rate and prodigious concealment of LDoS attacks, which threats on the network security seriously. In this paper, a new approach for LDoS attacks detection based on the advanced Mean Shift clustering algorithm with weighted Euclidean distance (WEDMS) is proposed. Based on the distinction that the discreteness of network traffic suffering LDoS attacks is more obvious than that of legitimate traffic, network traffic can be clustered by the WEDMS algorithm. After cluster analysis, the existence of LDoS attacks can be validated according to the decision feature of the clustering results. Experiments on detection performance are carried out in NS-2, test-bed, and public datasets such as LBNL, WIDE2006, and WIDE2018. The experimental results illustrate that the presence of LDoS attacks can be identified by the proposed method with higher TPR and lower FPR.