Statistical Measures: Promising Features for Time Series Based DDoS Attack Detection
Abstract
1. Introduction
2. Related Work
3. Theory and Overview
3.1. Periodicity
3.2. Skewness and Kurtosis
3.3. Self-Similarity (Long-Range Dependence)
4. Discussion and Result
4.1. Training
4.2. Test Result
5. Conclusions
Conflicts of Interest

| | Mean | Std | Kurtosis | Skewness |
|---|---|---|---|---|
| Normal | 0.47 | 0.06 | 4.63 | 0.98 |
| Attack | 0.23 | 0.12 | 11.42 | 2.42 |

| | Period | Kurtosis | Skewness | Hurst Exponent |
|---|---|---|---|---|
| AUC(%) | 85.66 | 99.86 | 99.95 | 97.96 |
| Threshold Value | 2 | 4.5 | 1 | 0.57 |

| | | Normal | Attack | TP(%) | FP(%) | Accuracy (%) |
|---|---|---|---|---|---|---|
| Period | Normal | 46 | 14 | 80 | 23.33 | 78.33 |
| | Attack | 12 | 48 | | | |
| Kurtosis | Normal | 58 | 2 | 95 | 3.33 | 95.83 |
| | Attack | 3 | 57 | | | |
| Skewness | Normal | 60 | 0 | 96.67 | 0 | 98.33 |
| | Attack | 2 | 58 | | | |
| Hurst | Normal | 55 | 5 | 91.66 | 8.33 | 91.66 |
| | Attack | 5 | 55 | | | |

© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Fouladi, R.F.; Kayatas, C.E.; Anarim, E. Statistical Measures: Promising Features for Time Series Based DDoS Attack Detection. Proceedings 2018, 2, 96. https://doi.org/10.3390/proceedings2020096