Şimşek, MehmetŞentürk, Arafat2020-05-012020-05-0120181074-53511099-1131https://doi.org/10.1002/dac.3823https://hdl.handle.net/20.500.12684/5953WOS: 000450984700011Detection and filtering of low-rate distributed denial of service (LDDoS) attacks is hard since their behavior is similar to legitimate users' behavior. In the literature, there are many filtering approaches and metrics for LDDoS attacks. However, most of the LDDoS detection methods in the literature only monitor congestion state. Actually, precongestion period that the attack has already started has valuable information about the attack. In this study, we proposed a method that uses precongestion period for metric calculation. Also, most of LDDoS filtering approaches have high false-positive and false-negative rates and also require long period of time for detection. Additionally, we developed an efficient method for detection and filtering of LDDoS attacks. According to the experimental results, the proposed LDDoS detection method has zero false-positive and false-negative rates under the scenarios; attack detection time is significantly reduced with using the proposed metric calculation approach. Also, the proposed method has a simple logic, and it requires simple calculations. This increases the applicability of the developed method.en10.1002/dac.3823info:eu-repo/semantics/closedAccessdistributed denial of service attacksinternet of thingslightweight securitynetwork securityArticle3118WOS:000450984700011Q2Q3