Machine Recognition of DDoS Attacks Using Statistical Parameters
As part of the research in the recently ended project SANET II, we were trying to create a new machine-learning system without a teacher. This system was designed to recognize DDoS attacks in real time, based on adaptation to real-time arbitrary traffic and with the ability to be embedded into the h...
Main Authors: | Juraj Smiesko, Pavel Segec, Martin Kontsek |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2023-12-01 |
Series: | Mathematics |
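Subjects: | IP traffic description; DDoS attack detection; coefficient of variation; kurtosis; skewness; autoregression |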
Online Access: | https://www.mdpi.com/2227-7390/12/1/142 |
_version_ | 1827384663725834240 |
---|---|
author | Juraj Smiesko Pavel Segec Martin Kontsek |
author_facet | Juraj Smiesko Pavel Segec Martin Kontsek |
author_sort | Juraj Smiesko |
collection | DOAJ |
description | As part of the research in the recently ended project SANET II, we were trying to create a new machine-learning system without a teacher. This system was designed to recognize DDoS attacks in real time, based on adaptation to real-time arbitrary traffic and with the ability to be embedded into the hardware implementation of network probes. The reason for considering this goal was our hands-on experience with the high-speed SANET network, which interconnects Slovak universities and high schools and also provides a connection to the Internet. Similar to any other public-facing infrastructure, it is often the target of DDoS attacks. In this article, we are extending our previous research, mainly by dealing with the use of various statistical parameters for DDoS attack detection. We tested the coefficients of Variation, Kurtosis, Skewness, Autoregression, Correlation, Hurst exponent, and Kullback–Leibler Divergence estimates on traffic captures of different types of DDoS attacks. For early machine recognition of the attack, we have proposed several detection functions that use the response of the investigated statistical parameters to the start of a DDoS attack. The proposed detection methods are easily implementable for monitoring actual IP traffic. |
first_indexed | 2024-03-08T15:02:27Z |
format | Article |
id | doaj.art-6f9dc39921ba4450b26ea78065b304b5 |
institution | Directory Open Access Journal |
issn | 2227-7390 |
language | English |
last_indexed | 2024-03-08T15:02:27Z |
publishDate | 2023-12-01 |
publisher | MDPI AG |
record_format | Article |
series | Mathematics |
spelling | doaj.art-6f9dc39921ba4450b26ea78065b304b5; 2024-01-10T15:03:44Z; eng; MDPI AG; Mathematics; 2227-7390; 2023-12-01; 12; 1; 142; 10.3390/math12010142; Machine Recognition of DDoS Attacks Using Statistical Parameters; Juraj Smiesko 0; Pavel Segec 1; Martin Kontsek 2; Department of InfoComm Networks, Faculty of Management Science and Informatics, University of Zilina, 010 26 Zilina, Slovakia; Department of InfoComm Networks, Faculty of Management Science and Informatics, University of Zilina, 010 26 Zilina, Slovakia; Department of InfoComm Networks, Faculty of Management Science and Informatics, University of Zilina, 010 26 Zilina, Slovakia; As part of the research in the recently ended project SANET II, we were trying to create a new machine-learning system without a teacher. This system was designed to recognize DDoS attacks in real time, based on adaptation to real-time arbitrary traffic and with the ability to be embedded into the hardware implementation of network probes. The reason for considering this goal was our hands-on experience with the high-speed SANET network, which interconnects Slovak universities and high schools and also provides a connection to the Internet. Similar to any other public-facing infrastructure, it is often the target of DDoS attacks. In this article, we are extending our previous research, mainly by dealing with the use of various statistical parameters for DDoS attack detection. We tested the coefficients of Variation, Kurtosis, Skewness, Autoregression, Correlation, Hurst exponent, and Kullback–Leibler Divergence estimates on traffic captures of different types of DDoS attacks. For early machine recognition of the attack, we have proposed several detection functions that use the response of the investigated statistical parameters to the start of a DDoS attack. The proposed detection methods are easily implementable for monitoring actual IP traffic.; https://www.mdpi.com/2227-7390/12/1/142; IP traffic description; DDoS attack detection; coefficient of variation; kurtosis; skewness; autoregression |
spellingShingle | Juraj Smiesko Pavel Segec Martin Kontsek Machine Recognition of DDoS Attacks Using Statistical Parameters Mathematics IP traffic description DDoS attack detection coefficient of variation kurtosis skewness autoregression |
title | Machine Recognition of DDoS Attacks Using Statistical Parameters |
topic | IP traffic description DDoS attack detection coefficient of variation kurtosis skewness autoregression |
url | https://www.mdpi.com/2227-7390/12/1/142 |