{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T08:49:51Z","timestamp":1767084591347,"version":"3.40.5"},"reference-count":40,"publisher":"Wiley","license":[{"start":{"date-parts":[[2021,3,22]],"date-time":"2021-03-22T00:00:00Z","timestamp":1616371200000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2021,3,22]]},"abstract":"<jats:p>Low-rate denial-of-service (LDoS) attacks are characterized by low average rate and periodicity. Under certain conditions, the high concealment of LDoS attacks enables them to transfer the attack stream to the network without being detected at all before the end. In this article, plenty of LDoS attack traffic is spread to the victim end to detect LDoS attacks. Through experimental analysis, it is found that the attack pulses at the victim end have sequence correlation, so the coherence detection technology in spread spectrum communication is proposed to detect LDoS attacks. Therefore, this paper proposes an attack detection method based on coherent detection, which adopts bivariate cyclic convolution algorithm. Similar to the generation of receiving terminal phase dry detection code in spread spectrum communication, we construct a local detection sequence to complete the extraction of LDoS attack stream from the background traffic of the victim terminal, that is, the coherent detection of LDoS attacks. When predicting the features of an LDoS attack, how to construct the parameters of the detection sequence (such as period, pulse duration, amplitude, and so on) is very important. In this paper, we observe the correlation of LDoS attacks and use coherence detection to detect LDoS attacks. By comparing calculated cross-correlation values with designed double threshold rules, the existence of attacks can be determined. The simulation platform and experiments show that this method has high detection performance.<\/jats:p>","DOI":"10.1155\/2021\/6694264","type":"journal-article","created":{"date-parts":[[2021,3,23]],"date-time":"2021-03-23T18:35:46Z","timestamp":1616524546000},"page":"1-14","source":"Crossref","is-referenced-by-count":5,"title":["Coherent Detection of Synchronous Low-Rate DoS Attacks"],"prefix":"10.1155","volume":"2021","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0691-1767","authenticated-orcid":true,"given":"Zhijun","family":"Wu","sequence":"first","affiliation":[{"name":"School of Electronic Information & Automation, Civil Aviation University of China, Tianjin 300300, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1751-510X","authenticated-orcid":true,"given":"Yue","family":"Yin","sequence":"additional","affiliation":[{"name":"School of Economics and Management, Civil Aviation University of China, Tianjin 300300, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1365-7071","authenticated-orcid":true,"given":"Guang","family":"Li","sequence":"additional","affiliation":[{"name":"School of Electronic Information & Automation, Civil Aviation University of China, Tianjin 300300, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1473-3729","authenticated-orcid":true,"given":"Meng","family":"Yue","sequence":"additional","affiliation":[{"name":"School of Electronic Information & Automation, Civil Aviation University of China, Tianjin 300300, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"first-page":"75","article-title":"Low-rate TCP-targeted denial of service attacks: the shrew versus the mice and elephants","author":"A. Kuzmanovic","key":"1"},{"first-page":"184","article-title":"Exploiting the transients of adaptation for RoQ attacks on Internet resources","author":"M. Guirguis","key":"2"},{"first-page":"99","article-title":"Attribution of fraudulent resource consumption in the cloud","author":"J. Idziorek","key":"3"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1504\/ijtmcc.2013.056440"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1109\/tcc.2014.2325045"},{"first-page":"1725","article-title":"Tail attacks on web applications","author":"H. S. Shan","key":"6"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2015.2443807"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2014.2321034"},{"issue":"1","key":"9","first-page":"1","article-title":"Detecting pulsing denial-of-service attacks with nondeterministic attack intervals","volume":"2009","author":"X. Luo","year":"2009","journal-title":"EURASIP Journal on Advances in Signal Processing"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-78813-5_18"},{"key":"11","first-page":"17","article-title":"Slow TCAM exhaustion DDoS attack","volume":"2","author":"A. P. Tulio","year":"2017","journal-title":"IFIP Advances in Information and Communication Technology"},{"first-page":"2143","article-title":"Use of spectral analysis in defense against DoS attacks","author":"C. M. Cheng","key":"12"},{"issue":"4","key":"13","first-page":"930","article-title":"A low-rate DoS detection method based on feature extraction using wavelet transform","volume":"20","author":"Y. X. He","year":"2009","journal-title":"Journal of Software"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1002\/dac.2993"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1016\/j.jpdc.2006.04.007"},{"first-page":"786","article-title":"Filtering of shrew DDoS attacks in frequency domain","author":"Y. Hwang","key":"16"},{"key":"17","doi-asserted-by":"crossref","first-page":"32853","DOI":"10.1109\/ACCESS.2019.2903816","article-title":"Detection approach in ZigBee wireless sensor network by combining Hilbert-Huang transformation and trust evaluation","volume":"7","author":"H. S. Chen","year":"2019","journal-title":"IEEE Access"},{"key":"18","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1016\/j.cose.2017.09.009","article-title":"Slow rate denial of service attacks against HTTP\/2 and detection","volume":"72","author":"N. Tripathi","year":"2018","journal-title":"Computers & Security"},{"first-page":"1","article-title":"Method for detecting low-rate attacks on basis of burst-state duration using quick packet-matching function","author":"Y. Hayashi","key":"19"},{"issue":"8","key":"20","first-page":"1590","article-title":"Detection of LDDoS attack based on kalman filtering","volume":"36","author":"Z. J. Wu","year":"2008","journal-title":"Acta electronica sinica"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1109\/lcomm.2012.121912.122257"},{"first-page":"706","article-title":"Low-rate and high-rate distributed dos attack detection using partial rank correlation","author":"M. H. Bhuyan","key":"22"},{"first-page":"363","article-title":"Detection of ldos attacks using variant of cusum and shiryaev - robertss algorithm","author":"G. Kaur","key":"23"},{"key":"24","doi-asserted-by":"publisher","DOI":"10.3390\/app9112375"},{"key":"25","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1016\/j.comcom.2020.05.048","article-title":"An effective feature engineering for DNN using hybrid PCA-GWO for intrusion detection in IoMT architecture","volume":"160","author":"R. M. Swarna Priya","year":"2020","journal-title":"Computer Communications"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-19713-5_22"},{"issue":"09","key":"27","first-page":"1760","article-title":"Detecting low-rate DoS attacks based on signal cross-correlation","volume":"42","author":"Z.-j. Wu","year":"2014","journal-title":"Acta Electronica Sinica"},{"volume-title":"Detecting LDoS Attacks Based on Signal Cross-Correlation","year":"2014","author":"L. I. Guang","key":"28"},{"key":"29","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2019.01.031"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1109\/access.2020.3020513"},{"key":"31","article-title":"Augmented reality and virtual reality transforming spinal imaging landscape: a feasibility study","author":"Y. Shelke","year":"2020","journal-title":"IEEE Computer Graphics and Applications"},{"key":"32","doi-asserted-by":"publisher","DOI":"10.1109\/access.2020.2983091"},{"issue":"3","key":"33","doi-asserted-by":"crossref","first-page":"635","DOI":"10.1109\/TBDATA.2017.2723570","article-title":"Big data for cybersecurity: vulnerability disclosure trends and dependencies","volume":"5","author":"M. Tang","year":"2019","journal-title":"IEEE Transactions on Big Data"},{"key":"34","article-title":"Analysis of security and energy efficiency for shortest route discovery in low-energy adaptive clustering hierarchy protocol using Levenberg\u2013Marquardt neural network and gated recurrent unit for intrusion detection system","author":"M. Mittal","year":"2020","journal-title":"Transactions on Emerging Telecommunications Technologies"},{"key":"35","article-title":"Ensemble adaboost classifier for accurate and fast detection of botnet attacks in connected vehicles","volume":"e4088","author":"A. Rehman Javed","year":"2020","journal-title":"Transactions on Emerging Telecommunications Technologies"},{"first-page":"1","article-title":"Robust early stage botnet detection using machine learning","author":"M. Ali","key":"36"},{"key":"37","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2021.01.022"},{"issue":"04","key":"38","first-page":"877","article-title":"Noncoherent multiple symbol detection for continuous phase modulation in physical-layer network coding","volume":"38","author":"X. Y. Dang","year":"2016","journal-title":"Journal of Electronics & Information Technology"},{"article-title":"Knightly, aleksandar kuzmanovic, shrew attack linux code","year":"2004","author":"W. Edward","key":"39"},{"issue":"6","key":"40","first-page":"87","article-title":"Research on the performance of low-rate DoS attack","volume":"29","author":"Z. Wu","year":"2008","journal-title":"Journal on Communications"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/6694264.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/6694264.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/6694264.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,3,23]],"date-time":"2021-03-23T18:35:59Z","timestamp":1616524559000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2021\/6694264\/"}},"subtitle":[],"editor":[{"given":"Mamoun","family":"Alazab","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2021,3,22]]},"references-count":40,"alternative-id":["6694264","6694264"],"URL":"https:\/\/doi.org\/10.1155\/2021\/6694264","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"type":"electronic","value":"1939-0122"},{"type":"print","value":"1939-0114"}],"subject":[],"published":{"date-parts":[[2021,3,22]]}}}