Detecting network cyber-attacks using an integrated statistical approach

Anomaly detection in the Internet of Things (IoT) is imperative to improve its reliability and safety. Detecting denial of service (DOS) and distributed DOS (DDOS) attacks is one of the critical security challenges facing network technologies. This paper presents an anomaly detection mechanism using the Kullback–Leibler distance (KLD) to detect DOS and DDOS flooding attacks, including transmission control protocol (TCP) SYN flood, UDP flood, and ICMP-based attacks. This mechanism integrates the desirable property of KLD, its capacity to quantitatively discriminate between two distributions, with the sensitivity of an exponential smoothing scheme. The primary reason for exponentially smoothing the KLD measurements (ES-KLD) is to aggregate the information from past and current samples in the decision rule, making the detector sensitive to small anomalies. Furthermore, a nonparametric approach using kernel density estimation is used to set a threshold for the ES-KLD decision statistic that uncovers the presence of attacks. Tests on three publicly available datasets show improved performance of the proposed mechanism in detecting cyber-attacks compared to other conventional monitoring procedures.
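The following is an added, self-contained illustration of the ES-KLD detection pipeline sketched in the abstract; it is not the authors' code and does not reproduce their datasets. It assumes the monitored feature is a per-window histogram of packet classes (SYN, ACK, UDP, ICMP), uses the symmetrised KLD as the "KL distance", smooths it with a standard exponential weighting, and sets the alarm threshold as the (1 - alpha) quantile of a Gaussian kernel density estimate (Silverman bandwidth) fitted to the statistic on attack-free windows. All traffic windows are constructed with a seeded random generator.

```python
"""Added example: ES-KLD flood detector (exponentially smoothed Kullback-Leibler
distance with a kernel-density-estimated threshold). Standard library only.
All traffic samples below are constructed, not real captures."""
import math
import random
from collections import Counter

# Packet classes histogrammed per time window (assumed feature; the
# abstract does not state the authors' actual features).
CATEGORIES = ("syn", "ack", "udp", "icmp")
EPS = 1e-6  # additive smoothing so that KLD never divides by zero


def histogram(events):
    """Normalised, smoothed histogram of packet classes in one window."""
    counts = Counter(events)
    total = len(events) + EPS * len(CATEGORIES)
    return {c: (counts.get(c, 0) + EPS) / total for c in CATEGORIES}


def kld(p, q):
    """Kullback-Leibler divergence D(p || q) in nats."""
    return sum(p[c] * math.log(p[c] / q[c]) for c in CATEGORIES)


def kl_distance(p, q):
    """Symmetrised KLD; assumed here as the 'KL distance' of the abstract."""
    return kld(p, q) + kld(q, p)


def es_kld(distances, lam, state=None):
    """Exponential smoothing: s_t = lam * x_t + (1 - lam) * s_{t-1}."""
    out = []
    for x in distances:
        state = x if state is None else lam * x + (1 - lam) * state
        out.append(state)
    return out


def kde_threshold(samples, alpha=0.01):
    """(1 - alpha) quantile of a Gaussian KDE fitted to nominal ES-KLD values,
    Silverman rule-of-thumb bandwidth, solved by bisection on the KDE CDF."""
    n = len(samples)
    mean = sum(samples) / n
    sd = math.sqrt(sum((s - mean) ** 2 for s in samples) / (n - 1))
    h = max(1.06 * sd * n ** (-0.2), 1e-9)

    def cdf(x):
        return sum(0.5 * (1 + math.erf((x - s) / (h * math.sqrt(2))))
                   for s in samples) / n

    lo, hi = min(samples) - 6 * h, max(samples) + 6 * h
    for _ in range(200):
        mid = (lo + hi) / 2
        if cdf(mid) < 1 - alpha:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2


def train(baseline_windows, lam=0.3, alpha=0.01):
    """Fit the reference distribution on attack-free windows and derive the
    KDE threshold from their smoothed KLD statistics."""
    reference = histogram([e for w in baseline_windows for e in w])
    raw = [kl_distance(histogram(w), reference) for w in baseline_windows]
    smoothed = es_kld(raw, lam)
    return reference, kde_threshold(smoothed, alpha), smoothed[-1]


def monitor(windows, reference, threshold, lam=0.3, state=None):
    """Return (ES-KLD statistic, alarm flag) for each monitored window."""
    raw = [kl_distance(histogram(w), reference) for w in windows]
    return [(s, s > threshold) for s in es_kld(raw, lam, state)]


def synth_window(rng, mix, size=500):
    """Constructed traffic window: packet classes drawn from a mixture."""
    cats, weights = zip(*mix.items())
    return rng.choices(cats, weights=weights, k=size)


NORMAL = {"syn": 0.2, "ack": 0.5, "udp": 0.2, "icmp": 0.1}      # constructed
SYN_FLOOD = {"syn": 0.9, "ack": 0.05, "udp": 0.03, "icmp": 0.02}  # constructed


def run_demo(seed=7):
    """Train on 40 nominal windows, then monitor 5 nominal + 5 flood windows."""
    rng = random.Random(seed)
    training = [synth_window(rng, NORMAL) for _ in range(40)]
    reference, threshold, state = train(training)
    test = ([synth_window(rng, NORMAL) for _ in range(5)]
            + [synth_window(rng, SYN_FLOOD) for _ in range(5)])
    return threshold, monitor(test, reference, threshold, state=state)


if __name__ == "__main__":
    thr, results = run_demo()
    print(f"threshold = {thr:.4f}")
    for i, (stat, alarm) in enumerate(results, 1):
        print(f"window {i:2d}: ES-KLD = {stat:.4f} {'ALARM' if alarm else ''}")
```

The smoother state is carried over from training into monitoring, so the first flood window is judged against the accumulated nominal history rather than from a cold start; the KDE threshold avoids assuming the ES-KLD statistic is Gaussian, which it is not (it is non-negative and right-skewed).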
