TY - JOUR
T1 - DDOS-attacks detection using an efficient measurement-based statistical mechanism
AU - Bouyeddou, Benamar
AU - Kadri, Benamar
AU - Harrou, Fouzi
AU - Sun, Ying
N1 - KAUST Repository Item: Exported on 2020-10-01
Acknowledgements: The research reported in this publication was supported by funding from King Abdullah University of Science and Technology (KAUST), Office of Sponsored Research (OSR) under Award No: OSR-2019- CRG7-3800.
PY - 2020/6/9
Y1 - 2020/6/9
N2 - A monitoring mechanism is vital for detecting malicious attacks against cyber systems. Detecting denial of service (DOS) and distributed DOS (DDOS) is one of the most important security challenges facing network technologies. This paper introduces a reliable detection mechanism based on the continuous ranked probability score (CRPS) statistical metric and exponentially smoothing (ES) scheme for enabling efficient detection of DOS and DDOS attacks. In this regard, the CRPS is used to quantify the dissimilarity between a new observation and the distribution of normal traffic. The ES scheme, which is sensitive in detecting small changes, is applied to CRPS measurements for anomaly detection. Moreover, in CRPS-ES approach, a nonparametric decision threshold computed via kernel density estimation is used to suitably detect anomalies. Tests on three publically available datasets proclaim the efficiency of the proposed mechanism in detecting cyber-attacks.
AB - A monitoring mechanism is vital for detecting malicious attacks against cyber systems. Detecting denial of service (DOS) and distributed DOS (DDOS) is one of the most important security challenges facing network technologies. This paper introduces a reliable detection mechanism based on the continuous ranked probability score (CRPS) statistical metric and exponentially smoothing (ES) scheme for enabling efficient detection of DOS and DDOS attacks. In this regard, the CRPS is used to quantify the dissimilarity between a new observation and the distribution of normal traffic. The ES scheme, which is sensitive in detecting small changes, is applied to CRPS measurements for anomaly detection. Moreover, in CRPS-ES approach, a nonparametric decision threshold computed via kernel density estimation is used to suitably detect anomalies. Tests on three publically available datasets proclaim the efficiency of the proposed mechanism in detecting cyber-attacks.
UR - http://hdl.handle.net/10754/663578
UR - https://linkinghub.elsevier.com/retrieve/pii/S2215098619313023
UR - http://www.scopus.com/inward/record.url?scp=85086093684&partnerID=8YFLogxK
U2 - 10.1016/j.jestch.2020.05.002
DO - 10.1016/j.jestch.2020.05.002
M3 - Article
SN - 2215-0986
JO - Engineering Science and Technology, an International Journal
JF - Engineering Science and Technology, an International Journal
ER -