Template LDoS Algorithm System Based on Improved CatBoost Detection

Software-defined networking (SDN) is an emerging network architecture that separates the control plane from the data plane of the network, enabling better control and management of network traffic while providing powerful centralized management capabilities and scalability. However, the centralized control model and flexibility of SDN also provides opportunities for low-rate denial-of-service (LDoS) attacks.First, SDN networks are vulnerable to LDoS attacks. If a low-rate denial-of-service (LDoS) attack occurs in an SDN network, the performance and availability of the entire network will be severely impacted.Second, SDN can enhance the effectiveness of LDoS attacks, and attackers can use SDN controllers to route attack traffic to specific parts of the target system, making the attacks more targeted. LDoS attack is a type of attack that intermittently sends short bursts of high-frequency packets to consume resources of the target system, aiming to degrade the quality of network services. Due to the periodic and intermittent nature of LDoS attacks, traditional distributed denial-of-service (DDoS) detection mechanisms have difficulty detecting them, resulting in high false alarm and missed alarm rates. This paper presents an online real-time detection (ORTD) attack system, which is deployed on SDN controllers and follows OpenFlow policies. The ORTD system consists of two modules: a coarse detection module and a CatBoost detection module. The two-level detection module combines port flow characteristics-based and CatBoost flow classifier based on OpenFlow flow table statistics to accurately detect LDoS attacks. Experimental results of the ORTD system show that it not only has a superior detection rate compared to traditional LDoS detection systems, but also reduces false alarm rates and missed detection rates.