
    A Method to Detect DOS and DDOS Attacks based on Generalized Likelihood Ratio Test

    Harrou, Fouzi; Bouyeddou, Benamar; Sun, Ying; Kadri, Benamar (2018 International Conference on Applied Smart Systems (ICASS), Institute of Electrical and Electronics Engineers (IEEE), 2019-03-18) [Conference Paper]
    Denial of service (DOS) and distributed DOS (DDOS) continue to be a significant concern in internet and networking systems. This paper aims to develop an anomaly detection mechanism based on the generalized likelihood ratio (GLR) scheme to detect TCP and ICMPv6 based DOS/DDOS attacks. The anomaly detection problem is addressed as a hypothesis testing problem. The proposed approach uses the GLR test to monitor internet traffic for better detecting potential cyber-attacks. The decision threshold of the GLR approach has been computed nonparametrically based on kernel density estimation. To evaluate the performance of this approach, two network traffic datasets have been used, namely the DARPA99 and ICMPv6 datasets. Results highlight the efficiency of the proposed method.

    An Effective Network Intrusion Detection Using Hellinger Distance-Based Monitoring Mechanism

    Bouyeddou, Benamar; Harrou, Fouzi; Sun, Ying; Kadri, Benamar (2018 International Conference on Applied Smart Systems (ICASS), Institute of Electrical and Electronics Engineers (IEEE), 2019-03-18) [Conference Paper]
    This paper proposes an intrusion detection scheme for Denial of Service (DOS) and Distributed DOS (DDOS) attack detection. We used Hellinger distance (HD), which is an effective measure to quantify the similarity between two distributions, to detect the presence of potential malicious attackers. Specifically, we applied an HD-based anomaly detection mechanism to detect SYN and ICMPv6-based DOS/DDOS attacks. Here, a Shewhart chart is applied to HD to set up a detection threshold. The proposed mechanism is evaluated using DARPA99 and ICMPv6 traffic datasets. Results indicate that our mechanism accomplished reliable detection of DOS/DDOS flooding attacks.

    Detecting cyber-attacks using a CRPS-based monitoring approach

    Harrou, Fouzi; Bouyeddou, Benamar; Sun, Ying; Kadri, Benamar (2018 IEEE Symposium Series on Computational Intelligence (SSCI), Institute of Electrical and Electronics Engineers (IEEE), 2019-02-28) [Conference Paper]
    Cyber-attacks can seriously affect the security of computers and network systems. Thus, developing an efficient anomaly detection mechanism is crucial for information protection and cyber security. To accurately detect TCP SYN flood attacks, two statistical schemes based on the continuous ranked probability score (CRPS) metric have been designed in this paper. Specifically, by integrating the CRPS measure with two conventional charts, Shewhart and the exponentially weighted moving average (EWMA) charts, novel anomaly detection strategies were developed: CRPS-Shewhart and CRPS-EWMA. The efficiency of the proposed methods has been verified using the 1999 DARPA intrusion detection evaluation datasets.

    Detection of smurf flooding attacks using Kullback-Leibler-based scheme

    Bouyeddou, Benamar; Harrou, Fouzi; Sun, Ying; Kadri, Benamar (2018 4th International Conference on Computer and Technology Applications (ICCTA), Institute of Electrical and Electronics Engineers (IEEE), 2018-06-28) [Conference Paper]
    Reliable and timely detection of cyber attacks has become indispensable to protect networks and systems. Internet control message protocol (ICMP) flood attacks are still one of the most challenging threats in both IPv4 and IPv6 networks. This paper proposed an approach based on Kullback-Leibler divergence (KLD) to detect ICMP-based Denial of Service (DOS) and Distributed Denial of Service (DDOS) flooding attacks. This is motivated by the high capacity of KLD to quantitatively discriminate between two distributions. Here, the three-sigma rule is applied to the KLD distances for anomaly detection. We evaluated the effectiveness of this scheme by using the 1999 DARPA Intrusion Detection Evaluation Datasets.