Power spectrum entropy based detection and mitigation of low-rate DoS attacks

Low-Rate DoS (LDoS) attacks send periodical packet bursts to the bottleneck routers which can throttle the bandwidth of TCP flows. They are difficult to detect while severely degrading the Quality of Service (QoS) of TCP applications. By combining Power Spectrum Analysis with Information Entropy, we introduce two novel information metrics to detect the LDoS attacks: Fourier Power Spectrum Entropy (FPSE) and Wavelet Power Spectrum Entropy (WPSE). As the energy of LDoS attack signal is mostly concentrated in the low-frequency range, FPSE and WPSE of LDoS attacks both exhibit lower values compared to those of normal flows. Therefore, these two metrics can be applied here to detect LDoS attacks efficiently. By evaluating on NS-3 simulations and real network traces, the results validate the effectiveness of these two metrics to differentiate LDoS attacks from normal flows. They can detect the LDoS attacks efficiently with fewer false alarms compared to the other detection mechanisms. Based on these two metrics, we also propose a Power Spectrum Entropy-based Robust-RED (PRRED) queuing algorithm to mitigate LDoS attacks. The evaluation results in NS-3 demonstrate that the proposed algorithm is able to effectively preserve the TCP bandwidth while countering the different LDoS attacks.