Detection of smurf flooding attacks using Kullback-Leibler-based scheme

Reliable and timely detection of cyber attacks has become indispensable for protecting networks and systems. Internet Control Message Protocol (ICMP) flood attacks remain one of the most challenging threats in both IPv4 and IPv6 networks. This paper proposes an approach based on Kullback-Leibler divergence (KLD) to detect ICMP-based Denial of Service (DoS) and Distributed Denial of Service (DDoS) flooding attacks. The approach is motivated by the high capacity of KLD to quantitatively discriminate between two distributions. The three-sigma rule is applied to the KLD distances for anomaly detection. We evaluated the effectiveness of this scheme using the 1999 DARPA Intrusion Detection Evaluation Datasets.
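The scheme the abstract outlines, KLD against an attack-free reference with a three-sigma threshold on the KLD values, can be sketched as follows; this is an added example, not the paper's code. It assumes choices the abstract does not specify: per-second ICMP echo-reply counts as the monitored feature, Gaussian fits for the window and the reference, and non-overlapping windows. All function names are hypothetical and the traffic counts are constructed.

```python
import math
import statistics

def gaussian_kld(window, ref_mean, ref_var, var_floor=1e-6):
    """KL(N(m1, v1) || N(m0, v0)): window fit versus attack-free reference."""
    m1 = statistics.fmean(window)
    v1 = max(statistics.pvariance(window), var_floor)  # floor avoids log(0)
    v0 = max(ref_var, var_floor)
    return 0.5 * (math.log(v0 / v1) + (v1 + (m1 - ref_mean) ** 2) / v0 - 1.0)

def split_windows(series, size):
    """Non-overlapping windows; a trailing partial window is dropped."""
    return [series[i:i + size] for i in range(0, len(series) - size + 1, size)]

def fit_baseline(train, size):
    """Reference mean/variance plus a three-sigma threshold on training KLDs."""
    m0, v0 = statistics.fmean(train), statistics.pvariance(train)
    klds = [gaussian_kld(w, m0, v0) for w in split_windows(train, size)]
    return m0, v0, statistics.fmean(klds) + 3 * statistics.stdev(klds)

def detect(series, size, m0, v0, threshold):
    """Indices of windows whose KLD from the reference exceeds the threshold."""
    return [i for i, w in enumerate(split_windows(series, size))
            if gaussian_kld(w, m0, v0) > threshold]

# Constructed sample data: ICMP echo replies per second seen at one host.
TRAIN = [2, 3, 1, 2, 2,  3, 2, 2, 1, 3,  2, 2, 3, 2, 1,  1, 3, 2, 2, 3,
         2, 1, 2, 3, 2,  3, 2, 1, 2, 2,  2, 3, 3, 1, 2,  1, 2, 2, 3, 3]
TEST = [2, 1, 3, 2, 2,  3, 3, 2, 1, 2,                      # quiet
        180, 240, 310, 295, 260,  305, 280, 330, 290, 270,  # reply flood
        2, 2, 3, 1, 2]                                      # quiet again

if __name__ == "__main__":
    m0, v0, thr = fit_baseline(TRAIN, 5)
    print(f"reference mean={m0:.2f} var={v0:.2f} threshold={thr:.4f}")
    for i, w in enumerate(split_windows(TEST, 5)):
        kld = gaussian_kld(w, m0, v0)
        print(i, w, f"KLD={kld:.4f}", "ALARM" if kld > thr else "ok")
```

With so little training data the threshold is tight, so a real deployment would fit the reference on a much longer attack-free capture before trusting the alarm rate.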
