An Effective Network Intrusion Detection Using Hellinger Distance-Based Monitoring Mechanism
KAUST DepartmentComputer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division
KAUST Grant NumberOSR-2015-CRG4-2582
Online Publication Date2019-03-18
Print Publication Date2018-11
Permanent link to this recordhttp://hdl.handle.net/10754/631834
MetadataShow full item record
AbstractThis paper proposes an intrusion detection scheme for Denial Of Service (DOS) and Distributed DOS (DDOS) attacks detection. We used Hellinger distance (HD), which is an effective measure to quantify the similarity between two distributions, to detect the presence of potential malicious attackers. Specifically, we applied HD-based anomaly detection mechanism to detect SYN and ICMPv6-based DOS/DDOS attacks. Here, Shewhart chart is applied to HD to set up a detection threshold. The proposed mechanism is evaluated using DARPA99 and ICMPv6 traffic datasets. Results indicate that our mechanism accomplished reliable detection of DOS/DDOS flooding attacks.
CitationBouyeddou B, Harrou F, Sun Y, Kadri B (2018) An Effective Network Intrusion Detection Using Hellinger Distance-Based Monitoring Mechanism. 2018 International Conference on Applied Smart Systems (ICASS). Available: http://dx.doi.org/10.1109/ICASS.2018.8652008.
SponsorsThe research reported in this publication was supported by funding from King Abdullah University of Science and Technology (KAUST) Office of Sponsored Research (OSR) under Award No: OSR-2015-CRG4-2582. The authors (Benamar Bouyeddou and Benamar Kadri) would like to thank the STIC Lab, Department of Telecommunications, Abou Bekr Belkaid University for the continued support during the research.
Conference/Event name2018 International Conference on Applied Smart Systems, ICASS 2018