TY - GEN
T1 - Nonparametric Kullback-Leibler distance-based method for networks intrusion detection
AU - Bouyeddou, Benamar
AU - Kadri, Benamar
AU - Harrou, Fouzi
AU - Sun, Ying
N1 - KAUST Repository Item: Exported on 2021-02-26
PY - 2020/10/26
Y1 - 2020/10/26
N2 - Anomaly detection enables identifying atypical events in network systems. Revealing denial of service (DOS) and distributed DOS (DDOS) attacks is a critical security challenge confronting network technologies. This work advocates using Kullback-Leibler distance (KLD) to track DOS and DDOS flooding attacks, including SYN flood, UDP flood, and Smurf attacks. The proposed mechanism's key novelty is the amalgamation of the desirable characteristics of KLD with the sensitivity of an exponential smoothing algorithm. Notably, the use of exponential smoothing is expected to improve the detector's sensitivity to small anomalies. Besides, the proposed mechanism does not need knowledge about the data distribution. Meanwhile, using kernel density estimation to set a threshold for the ES-KLD decision statistic improves the flexibility of the proposed mechanism. Tests on the publicly available DARPA99 dataset show enhanced outputs of the developed approach in detecting cyber-attacks compared to other traditional monitoring procedures.
UR - http://hdl.handle.net/10754/667671
UR - https://ieeexplore.ieee.org/document/9325642/
UR - http://www.scopus.com/inward/record.url?scp=85100506602&partnerID=8YFLogxK
U2 - 10.1109/icdabi51230.2020.9325642
DO - 10.1109/icdabi51230.2020.9325642
M3 - Conference contribution
SN - 9781728196756
BT - 2020 International Conference on Data Analytics for Business and Industry: Way Towards a Sustainable Economy (ICDABI)
PB - IEEE
ER -