Şimşek, Mehmet2020-04-302020-04-3020151939-01141939-0122https://doi.org/10.1002/sec.1302https://hdl.handle.net/20.500.12684/2408WOS: 000367922500042Low-rate distributed denial-of-service (LDDoS) attacks dramatically reduce transmission control protocol throughput by exploiting the vulnerability in the transmission control protocol congestion control mechanism. The current study proposes a new metric called mean Internet Protocol (IP) packet delay variation (mipdv) to detect LDDoS flows and a filtering method called ipdv-based LDDoS filtering (ILF) using mipdv. Receiving first seven packets from a flow is sufficient to calculate the mipdv metric. Subsequently, mipdv can be recalculated for each received packet. This makes the detection of LDDoS flows possible in a short time (in a few tens of milliseconds in most cases). Ns2 simulations were conducted to evaluate the performance of ILF. Experimental results show that ILF detects LDDoS flows in a very short time with very high accuracy. Copyright (C) 2015 John Wiley & Sons, Ltd.en10.1002/sec.1302info:eu-repo/semantics/closedAccesslow-rate distributed DoSTCPQoSipdvcongestionArticle81838153825WOS:000367922500042Q2Q3