{"title":"基于kullback - leibler的smurf泛洪攻击检测","authors":"Benamar Bouyeddou, F. Harrou, Ying Sun, B. Kadri","doi":"10.1109/CATA.2018.8398647","DOIUrl":null,"url":null,"abstract":"Reliable and timely detection of cyber attacks become indispensable to protect networks and systems. Internet control message protocol (ICMP) flood attacks are still one of the most challenging threats in both IPv4 and IPv6 networks. This paper proposed an approach based on Kullback-Leibler divergence (KLD) to detect ICMP-based Denial Of service (DOS) and Distributed Denial Of Service (DDOS) flooding attacks. This is motivated by the high capacity of KLD to quantitatively discriminate between two distributions. Here, the three-sigma rule is applied to the KLD distances for anomaly detection. We evaluated the effectiveness of this scheme by using the 1999 DARPA Intrusion Detection Evaluation Datasets.","PeriodicalId":231024,"journal":{"name":"2018 4th International Conference on Computer and Technology Applications (ICCTA)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"Detection of smurf flooding attacks using Kullback-Leibler-based scheme\",\"authors\":\"Benamar Bouyeddou, F. Harrou, Ying Sun, B. Kadri\",\"doi\":\"10.1109/CATA.2018.8398647\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Reliable and timely detection of cyber attacks become indispensable to protect networks and systems. Internet control message protocol (ICMP) flood attacks are still one of the most challenging threats in both IPv4 and IPv6 networks. This paper proposed an approach based on Kullback-Leibler divergence (KLD) to detect ICMP-based Denial Of service (DOS) and Distributed Denial Of Service (DDOS) flooding attacks. This is motivated by the high capacity of KLD to quantitatively discriminate between two distributions. Here, the three-sigma rule is applied to the KLD distances for anomaly detection. We evaluated the effectiveness of this scheme by using the 1999 DARPA Intrusion Detection Evaluation Datasets.\",\"PeriodicalId\":231024,\"journal\":{\"name\":\"2018 4th International Conference on Computer and Technology Applications (ICCTA)\",\"volume\":\"44 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-05-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 4th International Conference on Computer and Technology Applications (ICCTA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CATA.2018.8398647\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 4th International Conference on Computer and Technology Applications (ICCTA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CATA.2018.8398647","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 16
摘要
可靠、及时地发现网络攻击是保护网络和系统的必要条件。ICMP (Internet control message protocol, Internet控制消息协议)泛洪攻击仍然是IPv4和IPv6网络中最具挑战性的威胁之一。本文提出了一种基于Kullback-Leibler散度(KLD)的icmp拒绝服务(DOS)和分布式拒绝服务(DDOS)洪水攻击检测方法。这是由KLD在两个分布之间进行定量区分的高能力所驱动的。在这里,将3 -sigma规则应用于KLD距离进行异常检测。我们使用1999年DARPA入侵检测评估数据集对该方案的有效性进行了评估。
Detection of smurf flooding attacks using Kullback-Leibler-based scheme
Reliable and timely detection of cyber attacks become indispensable to protect networks and systems. Internet control message protocol (ICMP) flood attacks are still one of the most challenging threats in both IPv4 and IPv6 networks. This paper proposed an approach based on Kullback-Leibler divergence (KLD) to detect ICMP-based Denial Of service (DOS) and Distributed Denial Of Service (DDOS) flooding attacks. This is motivated by the high capacity of KLD to quantitatively discriminate between two distributions. Here, the three-sigma rule is applied to the KLD distances for anomaly detection. We evaluated the effectiveness of this scheme by using the 1999 DARPA Intrusion Detection Evaluation Datasets.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
