Performance Degradation of Static Countermeasures Against Low-Volume Denial-of-Service Attacks

  • Bruno M. dos Santos UFF
  • Ian V. Bastos UERJ
  • Igor M. Moraes UFF

Abstract


Intrusion detection systems based on supervised machine learning algorithms face limitations due to their reliance on network traffic distributions observed during the training phase. This article evaluates the robustness of the XGBoost classifier against low-rate denial-of-service attacks with dynamic parameters. The results show that variations in transmission rate, duration, and attack cycle distance real-time traffic from the patterns seen during training, characterizing a concept drift. This phenomenon severely degrades the classifier’s detection performance. Experiments demonstrate a significant reduction in recall and F1-score. While both metrics initially remained above 96%, following the concept drift and considering the worst-case scenario, these values declined to 65.99% and 79.34%, respectively. Therefore, static countermeasures fail to generalize to dynamic scenarios, necessitating continuous adaptation mechanisms to preserve classifier efficacy.

References

Al-Shukaili, N. A., Kiah, M. L. M., and Ahmedy, I. (2025). Optimizing feature selection and deep learning techniques for precise detection of low-rate distributed denial of service (LDDoS) attack. Discover Internet of Things, 5(80).

Camarda, S., Musumeci, F., and Torre, G. (2025). Managing concept drift in online intrusion detection systems. Joint National Conference on Cybersecurity.

Chen, T. and Guestrin, C. (2016). Xgboost: A scalable tree boosting system. In Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pages 785–794, New York, NY, USA. ACM.

Fu, Z., Li, M., Wu, Y., and Liu, Q. (2022). Low-rate denial of service attack detection method based on time-frequency characteristics. Journal of Cloud Computing, 11.

Gama, J., Žliobait schoole, I., Bifet, A., Pechenizkiy, M., and Bouchachia, A. (2014). A survey on concept drift adaptation. ACM Computing Surveys (CSUR), 46(4):1–37.

Kuzmanovic, A. and Knightly, E. W. (2003). Low-rate tcp-targeted denial of service attacks: the shrew vs. the mice and elephants. In Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, pages 75–86.

Leveni, F. and Boracchi, G. (2025). Online isolation forest. In Proceedings of the 41st International Conference on Machine Learning (ICML), volume 235 of Proceedings of Machine Learning Research, pages 26858–26876. PMLR.

Liu, B., Tang, D., Chen, J., and Liang, W. (2024). ERT-EDR: Online defense framework for TCP-targeted LDoS attacks in SDN. Expert Systems with Applications, 254:124356.

Lu, J., Liu, A., Dong, F., Gu, F., Gama, J., and Zhang, G. (2019). Learning under concept drift: A review. IEEE Transactions on Knowledge and Data Engineering, pages 2346 – 2363.

Ma, X., Li, X., He, Y., Qi, Q., and Li, H. (2025). BDTM: Bidirectional detection and traceability mitigation of LDoS attacks in SDN. IEEE Transactions on Network and Service Management, 20:6826 – 6839.

Pérez-Díaz, J. A., Valdovinos, I. A., Choo, K.-K. R., and Zhu, D. (2020). A flexible SDN-based architecture for identifying and mitigating low-rate DDoS attacks using machine learning. IEEE Access, 8:155859–155872.

Rios, V. M., Inácio, P. R. M., and Maimó, D. (2022). Detection and mitigation of low-rate denial-of-service attacks: A survey. IEEE Access, 10:76648–76668.

Shyaa, W., Gharaibeh, H., and Rawashdeh, M. (2024). Evolving cybersecurity frontiers: A comprehensive survey on concept drift and feature dynamics-aware machine learning and deep learning in intrusion detection systems. Engineering Applications of Artificial Intelligence.

Tang, D., Yan, Y., Zhang, S., Chen, J., and Qin, Z. (2022). Performance and features: Mitigating the low-rate TCP-targeted DoS attack via SDN. IEEE Journal on Selected Areas in Communications, 40:428 – 444.

Tang, D., Yan, Y., Zhang, S., Chen, J., and Qin, Z. (2025). Trident: A low-rate DoS attack mitigation scheme based on port and traffic state in SDN. IEEE Transactions on Computers, 74:1758–1770.

Wahab, O. A. (2022). Intrusion detection in the IoT under data and concept drifts: Online deep learning approach. IEEE Internet of Things Journal, 9(20):19706 – 19716.

Wu, Z., Zhang, L., and Yue, M. (2020). Low-rate DoS attacks, detection, defense, and challenges: A survey. IEEE Access, 8:43920–43943.

Yoachimik, O. and Pacheco, J. (2026). 2025 q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults. Technical report, Cloudflare. Disponível em [link].
Published
2026-05-25
SANTOS, Bruno M. dos; BASTOS, Ian V.; MORAES, Igor M.. Performance Degradation of Static Countermeasures Against Low-Volume Denial-of-Service Attacks. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 44. , 2026, Praia do Forte/BA. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2026 . p. 533-546. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2026.19860.

Most read articles by the same author(s)

1 2 > >>