Denial of service detection using dynamic time warping

With the rapid growth of security threats in computer networks, the need for efficient security-warning systems is increasing substantially. Distributed denial-of-service (DDoS) and DoS attacks are still among the most effective and dreadful attacks, and they require robust detection. In this work, we propose a new method to detect TCP DoS/DDoS attacks. Because analyzing network traffic is a promising approach, the proposed method works on network traffic: it decomposes the TCP traffic into control and data planes and uses the dynamic time warping (DTW) algorithm to align these two planes with respect to the minimum Euclidean distance. We show that the distance between the control and data planes is considerably small for benign traffic, and we exploit this characteristic to detect attacks as outliers. An adaptive thresholding scheme adjusts the value of the threshold in accordance with the local statistics of the median absolute deviation (MAD) of the distances between the two planes. We demonstrate the efficacy of the proposed method for detecting DoS/DDoS attacks by analyzing traffic data obtained from publicly available datasets.
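The pipeline described in the abstract (per-window DTW distance between the two planes, then a MAD-based adaptive threshold) can be sketched as follows; this is an added example, not the authors' implementation. Assumptions not stated in the abstract: the inputs are per-bin packet counts already split into control-plane and data-plane series, each window is scaled by its own peak, the cutoff is median + k * 1.4826 * MAD with k = 3, flagged windows are kept out of the baseline, and all names and sample counts are constructed.

```python
import statistics

def dtw(a, b):
    """DTW cost between two 1-D series; local cost is |x - y| (1-D Euclidean)."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)
    for x in a:
        cur = [inf]
        for j, y in enumerate(b, 1):
            cur.append(abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]

def scale(window):
    """Divide by the window peak so the planes are compared by shape, not volume."""
    peak = max(window)
    return [v / peak for v in window] if peak else [0.0] * len(window)

def detect(control, data, width=4, k=3.0, warmup=4, history=20):
    """Return (flagged window indices, per-window DTW distances)."""
    flagged, dists, baseline = [], [], []
    for w, s in enumerate(range(0, len(control) - width + 1, width)):
        d = dtw(scale(control[s:s + width]), scale(data[s:s + width]))
        dists.append(d)
        if len(baseline) >= warmup:          # no verdicts until a baseline exists
            recent = baseline[-history:]     # "local" statistics: trailing windows
            med = statistics.median(recent)
            mad = statistics.median(abs(x - med) for x in recent)
            if d > med + k * 1.4826 * mad:   # adaptive threshold from the local MAD
                flagged.append(w)
                continue                     # assumption: outliers never join the baseline
        baseline.append(d)
    return flagged, dists

# Constructed per-bin packet counts (not from any dataset): six windows of four bins.
# In window 4 the control plane surges while the data plane is unchanged.
DATA = [50, 100, 80, 60,  40, 100, 70, 50,  60, 100, 90, 40,
        30, 100, 60, 50,  50, 100, 80, 60,  70, 100, 90, 50]
CONTROL = [5, 10, 8, 7,  4, 10, 7, 7,  6, 10, 9, 7,
           3, 10, 6, 7,  5, 10, 400, 900,  7, 10, 9, 6]

if __name__ == "__main__":
    hits, distances = detect(CONTROL, DATA)
    print("distances:", [round(d, 3) for d in distances])
    print("flagged windows:", hits)
```

Anything that happens during the warm-up windows is absorbed into the baseline, so the baseline should be seeded from traffic known to be benign.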
