An Effective Network Intrusion Detection Using Hellinger Distance-Based Monitoring Mechanism

Bouyeddou, Benamar; Harrou, Fouzi; Sun, Ying; Kadri, Benamar

Name:

ICASS-302.pdf

Size:

933.4Kb

Format:

PDF

Description:

Accepted Manuscript

Download

Type

Conference Paper

Date

2019-03-18

Online Publication Date

2019-03-18

Print Publication Date

2018-11

Permanent link to this record

http://hdl.handle.net/10754/631834

Metadata

Show full item record

Abstract

This paper proposes an intrusion detection scheme for Denial Of Service (DOS) and Distributed DOS (DDOS) attacks detection. We used Hellinger distance (HD), which is an effective measure to quantify the similarity between two distributions, to detect the presence of potential malicious attackers. Specifically, we applied HD-based anomaly detection mechanism to detect SYN and ICMPv6-based DOS/DDOS attacks. Here, Shewhart chart is applied to HD to set up a detection threshold. The proposed mechanism is evaluated using DARPA99 and ICMPv6 traffic datasets. Results indicate that our mechanism accomplished reliable detection of DOS/DDOS flooding attacks.

Citation

Bouyeddou B, Harrou F, Sun Y, Kadri B (2018) An Effective Network Intrusion Detection Using Hellinger Distance-Based Monitoring Mechanism. 2018 International Conference on Applied Smart Systems (ICASS). Available: http://dx.doi.org/10.1109/ICASS.2018.8652008.