Detection of Low-Intensity DoS Attacks by Using a Combined Neural Network Using a DoS Attack Level Analysis Algorithm

The growing number and complexity of attacks on access to information is one of the main problems in the field of web crimes today. These intrusions form a class of denial-of-service attacks. DoS attack is an attack carried out in order to bring the system to failure. A huge amount of traffic is generated due to which the server is rebooted, which further leads to its blocking. Usually, the most frequently attacked resources are: channel width, processor time of servers and routers etc. In order to minimize the consequences of such attacks, a wide range of mechanisms are used. One of these tools is the intrusion detection method. However, when detecting low-intensity attacks (low-rate-DoS), some methods of detecting attacks based on standard statistical methods show a rather low result. In this situation, neural networks act as a solution to the problem. They are used in almost all attack detection tools, both separately and with other protection mechanisms. This article describes the development and experimental study of the effectiveness of the method for detecting low-intensity denial-of-service attacks (low-rate-DoS) and the implementation of the developed algorithm for analyzing the level of DoS attacks. This paper uses a model of low-intensity attacks in the form of simultaneous overlay of network events and abnormal traffic. The essence of the method is to identify homogeneous groups of a time series using pattern recognition models and build a prediction model for each specific group to detect an attack scenario.