The detection of low-rate DoS attacks using the SADBSCAN algorithm
Information Sciences, Pub Date: 2021-02-26, DOI: 10.1016/j.ins.2021.02.038
Dan Tang, Siqi Zhang, Jingwen Chen, Xiyin Wang

Low-rate denial-of-service (DoS) attacks, which can exploit vulnerabilities in Internet protocols to deteriorate the quality of service, are variants of DoS attacks. It is challenging to identify low-rate DoS attacks using traditional DoS defence mechanisms due to their low attack rate and stealthy nature. Most of the existing attack detection techniques are based on statistical analysis and signal processing. They usually show a high false negative rate and are only applicable to small-scale data. We propose a new low-rate DoS attack detection scheme based on the self-adaptive density-based spatial clustering of applications with noise (SADBSCAN) algorithm. The SADBSCAN algorithm provides a solution to adaptively identify clusters in multidensity datasets. We use the SADBSCAN algorithm to group network traffic according to the characteristics of the network traffic subject to low-rate DoS attacks. Then, we use cosine similarity to determine whether the groups contain low-rate DoS attacks. To evaluate performance, we conducted experiments and compared the results with those of other detection solutions. The experimental data include data generated by the NS-2 and TestBed simulations and the WIDE public dataset. The results show that our scheme improves the detection accuracy, reduces the false negative rate, and can be adapted to large-scale complex network environments.




Updated: 2021-03-21