公开(公告)号：US20250023910A1

公开(公告)日：2025-01-16

申请号：US18548937

申请日：2023-06-26

Applicant: SOUTHEAST UNIVERSITY

Inventor： Hua WU ,  Jinfeng CHEN ,  Guang CHENG ,  Xiaoyan HU

IPC: H04L9/40

Abstract: A method for detecting slow HTTP DoS (SHD) attacks in a backbone network can detect three different types of SHID attacks. The method is divided into an off-line training phase and an on-line detection phase. In the off-line training phase, several types of representative unidirectional traffic features are extracted according to attack characteristics of different SHD types and corresponding feature groups are built, where these features can effectively deal with a large amount of unidirectional traffic in backbone networks; a public backbone network dataset is systematically sampled and data are stored in combination with Count-min Sketch, which greatly minimizes storage and computational overhead required in the backbone networks; and a specific machine learning algorithm is used for training to obtain attack detection models. The method can be used for detecting and warning SHD attacks in mass traffic scenarios such as backbone networks to provide a basis for maintaining network security.