Nonparametric Kullback-Leibler distance-based method for networks intrusion detection
KAUST DepartmentComputer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division
Environmental Statistics Group
Permanent link to this recordhttp://hdl.handle.net/10754/667671
MetadataShow full item record
AbstractAnomaly detection enables identifying atypical events in network systems. Revealing denial of service (DOS) and distributed DOS (DDOS) is a critical security challenge confronting network technologies. This work advocates using Kullback-Leibler distance (KLD) to track DOS and DDOS flooding attacks, including SYN flood, UDP flood, and Smurf attacks. The proposed mechanism's key novelty is the amalgamation of the desirable characteristics of KLD with the sensitivity of an exponential smoothing algorithm. Notably, the use of exponentially smoothing is expected to improve the detector sensitivity to small anomalies. Besides, the proposed mechanism does not need knowledge about data distribution. Meanwhile, kernel density estimation usage to set a threshold for ES-KLD decision statistic improves the flexibility of the proposed mechanism. Tests on the publicly available DARPA99 dataset showing enhanced outputs of the developed approach in detecting cyber-attacks compared to other traditional monitoring procedures.
CitationBouyeddou, B., Kadri, B., Harrou, F., & Sun, Y. (2020). Nonparametric Kullback-Leibler distance-based method for networks intrusion detection. 2020 International Conference on Data Analytics for Business and Industry: Way Towards a Sustainable Economy (ICDABI). doi:10.1109/icdabi51230.2020.9325642
Conference/Event name2020 International Conference on Data Analytics for Business and Industry: Way Towards a Sustainable Economy, ICDABI 2020