Denial of service (DOS) and distributed DOS (DDOS) continue to be a significant concern in internet and networking systems. This paper targets to develop an anomaly detection mechanism based on the generalized likelihood ratio (GLR) scheme to detect TCP and ICMPv6 based DOS/DDOS attacks. The anomaly detection problem is addressed as a hypothesis testing problem. The proposed approach uses GLR test to monitor internet traffic for better detecting potential cyber- attacks. The decision threshold of GLR approach has been computed non parametrically based on kernel density estimation. To evaluate the performance of this approach, two network traffic datasets have been used namely the DARPA99 and ICMPv6 datasets. Results highlight the efficiency of the proposed method.
|Original language||English (US)|
|Title of host publication||2018 International Conference on Applied Smart Systems (ICASS)|
|Publisher||Institute of Electrical and Electronics Engineers (IEEE)|
|State||Published - Mar 18 2019|