Rong Hong, Wang Hui-Mei, Xian Ming, Shi Jiang-Yong. A Novel Method for Detecting Reduction of Quality (RoQ) Attack Based on Fast Independent Component Analysis[J]. Journal of Electronics & Information Technology, 2013, 35(10): 2307-2313. doi: 10.3724/SP.J.1146.2013.00114
A Reduction of Quality (RoQ) attack is stealthier and more variable than a traditional Denial of Service (DoS) attack, which makes it extremely difficult to detect. To improve detection accuracy and locate attack sources promptly, this paper treats the modeling of attack flow extraction as a blind source separation problem. A method based on fast Independent Component Analysis (ICA) is proposed to separate the RoQ flow from the traffic observed at several network devices and terminals. Feature parameters that represent the attack flow are then extracted. A collaborative detection system based on a Support Vector Machine (SVM) is then designed, in which labeled attack and non-attack samples are used to train the SVM classifier that finally detects the RoQ attack. Simulation results show that the method can detect IP-spoofed RoQ attacks and locate the attacker, with accuracy reaching up to 90%. Moreover, choosing appropriate ICA parameters improves the results to some extent.
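The blind source separation step described in the abstract, as an added example that is not the authors' code: one-unit FastICA with the kurtosis contrast, separating a pulsed flow from background traffic observed at two monitors. The traffic model, the mixing weights, and the rule that the higher-kurtosis component is the RoQ candidate are assumptions made here; the paper's feature parameters and SVM stage are not reproduced.

```python
import math, random

def mean(v): return sum(v) / len(v)

def standardize(v):
    m = mean(v)
    s = math.sqrt(mean([(a - m) ** 2 for a in v]))
    return [(a - m) / s for a in v]

def kurtosis(v):  # excess kurtosis: near 0 for Gaussian noise, large for bursts
    return mean([a ** 4 for a in standardize(v)]) - 3.0

def correlation(a, b):
    return mean([p * q for p, q in zip(standardize(a), standardize(b))])

def make_observations(n=2000, seed=7):
    # Constructed data: Gaussian background, pulse train on 5 of every 50 samples
    rng = random.Random(seed)
    bg = [rng.gauss(0, 1) for _ in range(n)]
    atk = [3.0 if t % 50 < 5 else 0.0 for t in range(n)]
    x1 = [1.0 * b + 0.6 * a for b, a in zip(bg, atk)]  # monitor 1, assumed weights
    x2 = [0.4 * b + 1.0 * a for b, a in zip(bg, atk)]  # monitor 2, assumed weights
    return x1, x2, atk

def whiten(x1, x2):  # unit variance, zero cross-correlation (inverse-Cholesky form)
    z1, s2 = standardize(x1), standardize(x2)
    c = mean([p * q for p, q in zip(z1, s2)])
    return z1, standardize([q - c * p for p, q in zip(z1, s2)])

def fastica_unit(z1, z2, iters=100):
    # Fixed-point update with the kurtosis contrast: w <- E[z (w.z)^3] - 3w
    w = (1.0, 0.0)
    for _ in range(iters):
        y3 = [(w[0] * p + w[1] * q) ** 3 for p, q in zip(z1, z2)]
        u = (mean([p * c for p, c in zip(z1, y3)]) - 3 * w[0],
             mean([q * c for q, c in zip(z2, y3)]) - 3 * w[1])
        norm = math.hypot(u[0], u[1])
        u = (u[0] / norm, u[1] / norm)
        if abs(u[0] * w[0] + u[1] * w[1]) > 1 - 1e-10:  # direction stopped moving
            return u
        w = u
    return w

def separate(x1, x2):
    z1, z2 = whiten(x1, x2)
    w = fastica_unit(z1, z2)
    comps = [[w[0] * p + w[1] * q for p, q in zip(z1, z2)],
             [w[0] * q - w[1] * p for p, q in zip(z1, z2)]]  # orthogonal direction
    # Assumption: the burstier (higher-kurtosis) component is the RoQ candidate
    return sorted(comps, key=kurtosis, reverse=True)
```

Calling `separate(x1, x2)` on the two observation series from `make_observations()` returns the RoQ candidate first; ICA recovers components only up to sign and scale, so compare against a reference with the absolute correlation.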