Analysing the Influence of the DCBF data Structure on the DoS Attack Detection

One of the most common threats to internet security isthe Denial of Service attack. There are numerous methods and protocol changes in an effort to detect them. The most common DoS attack detection method relies on the number of the TCP control packet in the network flow. The Bloom filter represents a spaceefficient data structure that is commonly utilized to detect matching pairs. There are multiple algorithms for the DoS attack detection based on the Bloom filter. The SACK(2) algorithm uses the SYN/ACK - ACK matching pair detection with the Bloom filter data structure. The false positive error introduced by the Bloom filter influences on the matching pair detection in the algorithm. The improved SACK(2) algorithm significantly reduces the false positive error by replacing the Counting Bloom Filter (CBF) data structure with the Dual Counting Bloom Filter (DCBF) data structure. This improvement significantly improves the matching pair detection. It is expected that the false positive error should influence on the detection of the DoS attack. In this paper, the experimental study is performed to analyse this influence. This study confirms the correlation between the false positive error and the DoS attack detection.