TY - GEN
T1 - Detection of smurf flooding attacks using Kullback-Leibler-based scheme
AU - Bouyeddou, Benamar
AU - Harrou, Fouzi
AU - Sun, Ying
AU - Kadri, Benamar
N1 - KAUST Repository Item: Exported on 2020-10-01
Acknowledged KAUST grant number(s): OSR-2015-CRG4-2582
Acknowledgements: The research reported in this publication was supported by funding from King Abdullah University of Science and Technology (KAUST) Office of Sponsored Research (OSR) under Award No: OSR-2015-CRG4-2582. The authors (Benamar Bouyeddou and Benamar Kadri) would like to thank the STIC Lab, Department of Telecommunications, Abou Bekr Belkaid University for the continued support during the research.
PY - 2018/6/28
Y1 - 2018/6/28
N2 - Reliable and timely detection of cyber attacks has become indispensable to protect networks and systems. Internet control message protocol (ICMP) flood attacks are still one of the most challenging threats in both IPv4 and IPv6 networks. This paper proposed an approach based on Kullback-Leibler divergence (KLD) to detect ICMP-based Denial of Service (DoS) and Distributed Denial of Service (DDoS) flooding attacks. This is motivated by the high capacity of KLD to quantitatively discriminate between two distributions. Here, the three-sigma rule is applied to the KLD distances for anomaly detection. We evaluated the effectiveness of this scheme by using the 1999 DARPA Intrusion Detection Evaluation Datasets.
AB - Reliable and timely detection of cyber attacks has become indispensable to protect networks and systems. Internet control message protocol (ICMP) flood attacks are still one of the most challenging threats in both IPv4 and IPv6 networks. This paper proposed an approach based on Kullback-Leibler divergence (KLD) to detect ICMP-based Denial of Service (DoS) and Distributed Denial of Service (DDoS) flooding attacks. This is motivated by the high capacity of KLD to quantitatively discriminate between two distributions. Here, the three-sigma rule is applied to the KLD distances for anomaly detection. We evaluated the effectiveness of this scheme by using the 1999 DARPA Intrusion Detection Evaluation Datasets.
UR - http://hdl.handle.net/10754/628245
UR - https://ieeexplore.ieee.org/document/8398647/
UR - http://www.scopus.com/inward/record.url?scp=85050192647&partnerID=8YFLogxK
U2 - 10.1109/cata.2018.8398647
DO - 10.1109/cata.2018.8398647
M3 - Conference contribution
AN - SCOPUS:85050192647
SN - 9781538669952
SP - 11
EP - 15
BT - 2018 4th International Conference on Computer and Technology Applications (ICCTA)
PB - Institute of Electrical and Electronics Engineers (IEEE)
ER -