DDOS-attacks detection using an efficient measurement-based statistical mechanism

Abstract: A monitoring mechanism is vital for detecting malicious attacks against cyber systems. Detecting denial of service (DOS) and distributed DOS (DDOS) attacks is one of the most important security challenges facing network technologies. This paper introduces a reliable detection mechanism based on the continuous ranked probability score (CRPS) statistical metric and an exponential smoothing (ES) scheme for efficient detection of DOS and DDOS attacks. The CRPS is used to quantify the dissimilarity between a new observation and the distribution of normal traffic. The ES scheme, which is sensitive to small changes, is applied to the CRPS measurements for anomaly detection. Moreover, in the CRPS-ES approach, a nonparametric decision threshold computed via kernel density estimation is used to detect anomalies. Tests on three publicly available datasets demonstrate the efficiency of the proposed mechanism in detecting cyber-attacks.
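
The pipeline the abstract describes (CRPS against attack-free traffic, exponential smoothing of the scores, a kernel-density threshold) can be sketched as follows; this is an added example, not the paper's code. The empirical CRPS estimator, the smoothing weight 0.3, the 1% false-alarm level, Silverman's bandwidth, the reference/calibration split and the constructed traffic series are all assumptions made for the illustration.

```python
import math

def pairwise_spread(reference):
    n = len(reference)
    return sum(abs(a - b) for a in reference for b in reference) / (2 * n * n)

def crps(reference, y, spread):
    """Empirical CRPS of y against the reference sample: E|X - y| - 0.5 * E|X - X'|."""
    return sum(abs(x - y) for x in reference) / len(reference) - spread

def smooth(values, lam, start):
    """Exponential smoothing: z_t = lam * x_t + (1 - lam) * z_{t-1}."""
    out, z = [], start
    for v in values:
        z = lam * v + (1 - lam) * z
        out.append(z)
    return out

def kde_threshold(sample, alpha):
    """(1 - alpha) quantile of a Gaussian KDE fitted to the attack-free statistic."""
    n = len(sample)
    mean = sum(sample) / n
    sd = math.sqrt(sum((s - mean) ** 2 for s in sample) / (n - 1))
    h = 1.06 * sd * n ** -0.2  # Silverman's rule of thumb (assumed bandwidth choice)
    cdf = lambda x: sum(0.5 * (1 + math.erf((x - s) / (h * math.sqrt(2)))) for s in sample) / n
    lo, hi = min(sample), max(sample) + 10 * h
    for _ in range(60):  # bisection on the monotone KDE CDF
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if cdf(mid) < 1 - alpha else (lo, mid)
    return hi

def crps_es_detect(reference, calibration, stream, lam=0.3, alpha=0.01):
    """Flag stream samples whose smoothed CRPS exceeds the KDE threshold (lam, alpha assumed)."""
    spread = pairwise_spread(reference)
    score = lambda xs: [crps(reference, y, spread) for y in xs]
    cal = score(calibration)                      # attack-free scores used for calibration
    cal_es = smooth(cal, lam, start=cal[0])
    threshold = kde_threshold(cal_es, alpha)
    stream_es = smooth(score(stream), lam, start=cal_es[-1])
    return [z > threshold for z in stream_es], threshold

# Constructed sample: packets/s with a 20-sample cycle; +30 pkts/s flood from index 60.
def traffic(start, count, extra=0.0):
    return [100 + 10 * math.sin(2 * math.pi * (i % 20) / 20) + extra for i in range(start, start + count)]

ATTACK_START = 60
reference, calibration = traffic(0, 200), traffic(200, 200)
stream = traffic(400, ATTACK_START) + traffic(400 + ATTACK_START, 40, extra=30.0)
flags, threshold = crps_es_detect(reference, calibration, stream)
first_alarm = flags.index(True)
```

Because the threshold is a quantile of the smoothed attack-free scores, it needs recalibration whenever the baseline traffic profile changes, otherwise normal drift shows up as alarms.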
