A Method to Detect DOS and DDOS Attacks based on Generalized Likelihood Ratio Test

Fouzi Harrou, Benamar Bouyeddou, Ying Sun, Benamar Kadri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations


Denial of service (DOS) and distributed DOS (DDOS) continue to be a significant concern in internet and networking systems. This paper targets to develop an anomaly detection mechanism based on the generalized likelihood ratio (GLR) scheme to detect TCP and ICMPv6 based DOS/DDOS attacks. The anomaly detection problem is addressed as a hypothesis testing problem. The proposed approach uses GLR test to monitor internet traffic for better detecting potential cyber- attacks. The decision threshold of GLR approach has been computed non parametrically based on kernel density estimation. To evaluate the performance of this approach, two network traffic datasets have been used namely the DARPA99 and ICMPv6 datasets. Results highlight the efficiency of the proposed method.
Original languageEnglish (US)
Title of host publication2018 International Conference on Applied Smart Systems (ICASS)
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
ISBN (Print)9781538668665
StatePublished - Mar 18 2019

Bibliographical note

KAUST Repository Item: Exported on 2020-10-01
Acknowledged KAUST grant number(s): OSR-2015-CRG4-2582
Acknowledgements: The research reported in this publication was supported by funding from King Abdullah University of Science and Technology (KAUST) Office of Sponsored Research (OSR) under Award No: OSR-2015-CRG4-2582. The authors (Benamar Bouyeddou and Benamar Kadri) would like to thank the STIC Lab, Department of Telecommunications, Abou Bekr Belkaid University for the continued support during the research.


Dive into the research topics of 'A Method to Detect DOS and DDOS Attacks based on Generalized Likelihood Ratio Test'. Together they form a unique fingerprint.

Cite this