A novel online approach to detect DDOS attacks using mahalanobis distance and Kernel-based learning

2019
Daneshgadeh Çakmakçı, Salva
Distributed denial-of-service (DDoS) attacks are continually evolving as computer and networking technologies and attackers' motivations change. In recent years, several supervised DDoS detection algorithms have been proposed. However, these algorithms require a priori knowledge of the classes and cannot automatically adapt to the frequently changing network traffic trends. This emphasizes the need for the development of new DDoS detection mechanisms that target zero-day and sophisticated DDoS attacks. To fulfill this need, an online sequential DDoS detection scheme that is suitable for use with multivariate data was proposed. The proposed algorithm utilizes a kernel-based learning algorithm, the Mahalanobis distance, and a Chi-square test. The algorithm is fully automated and does not require a pre-defined setting of any thresholds or baseline normal network traffic for training. Initially, four entropy-based and four statistical-based features were extracted from network flows as detection metrics per minute. Then, the Enhanced Kernel-based Online Anomaly Detection Algorithm (E-KOAD) was employed to detect entropy-based input feature vectors that were suspected to be DDoS. This algorithm assumes no model for network traffic or DDoS in advance; instead, it constructs and adapts a Dictionary of features that approximately span the subspace of normal behavior. Every T minutes, the Mahalanobis distance between the suspicious vectors and the distribution of the Dictionary members is measured. Subsequently, the Chi-square test is used to evaluate the Mahalanobis distance. The proposed DDoS detection scheme was applied to the CICIDS2017 dataset and the performance of the algorithm was measured using different performance metrics including accuracy, recall, precision and ROC curve. Finally, the results were compared with those of existing algorithms.
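The periodic evaluation step described in the abstract (Mahalanobis distance of suspicious vectors against the Dictionary distribution, then a Chi-square decision) can be illustrated with the following added example. It is not code from the thesis: the Dictionary members, the suspicious vectors and the function names are constructed here, the Dictionary is a hand-made list rather than one retained by E-KOAD, and the Chi-square critical values for 4 degrees of freedom (one per entropy feature) are hard-coded instead of being taken from a statistics library.

```python
# Added illustration (not the thesis's code): score per-minute feature vectors
# against the retained "Dictionary" with the squared Mahalanobis distance and
# decide with a chi-square critical value. Pure Python, no numpy/scipy needed.
from typing import Dict, List, Sequence, Tuple

Vector = Sequence[float]
Matrix = List[List[float]]

# Constructed Dictionary of 4-D per-minute entropy vectors (for instance the
# entropy of source IP, destination IP, source port and destination port).
# In the thesis these members are retained by E-KOAD; here they are sample data.
DICTIONARY: List[List[float]] = [
    [0.82, 0.77, 0.91, 0.64],
    [0.85, 0.74, 0.89, 0.66],
    [0.80, 0.79, 0.93, 0.61],
    [0.83, 0.76, 0.90, 0.67],
    [0.86, 0.78, 0.88, 0.63],
    [0.81, 0.75, 0.92, 0.65],
    [0.84, 0.80, 0.87, 0.62],
    [0.79, 0.73, 0.94, 0.68],
]

# Chi-square critical values (upper tail), 4 degrees of freedom = one per feature.
CHI2_CRITICAL: Dict[int, Dict[float, float]] = {4: {0.05: 9.488, 0.01: 13.277}}


def mean_vector(rows: Sequence[Vector]) -> List[float]:
    """Column-wise mean of the Dictionary members."""
    n = len(rows)
    return [sum(r[j] for r in rows) / n for j in range(len(rows[0]))]


def covariance(rows: Sequence[Vector], mean: Vector) -> Matrix:
    """Unbiased sample covariance matrix (divides by n - 1)."""
    n, p = len(rows), len(mean)
    cov = [[0.0] * p for _ in range(p)]
    for r in rows:
        d = [r[j] - mean[j] for j in range(p)]
        for i in range(p):
            for j in range(p):
                cov[i][j] += d[i] * d[j] / (n - 1)
    return cov


def invert(matrix: Matrix) -> Matrix:
    """Gauss-Jordan matrix inverse with partial pivoting."""
    n = len(matrix)
    aug = [list(row) + [1.0 if i == j else 0.0 for j in range(n)]
           for i, row in enumerate(matrix)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < 1e-12:
            raise ValueError("singular covariance: Dictionary needs more diverse members")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        aug[col] = [v / p for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0.0:
                f = aug[r][col]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def mahalanobis_sq(x: Vector, mean: Vector, inv_cov: Matrix) -> float:
    """Squared Mahalanobis distance (x - mu)^T S^-1 (x - mu)."""
    d = [x[j] - mean[j] for j in range(len(mean))]
    return sum(d[i] * inv_cov[i][j] * d[j]
               for i in range(len(d)) for j in range(len(d)))


def evaluate_batch(suspicious: Sequence[Vector], dictionary: Sequence[Vector],
                   alpha: float = 0.05) -> List[Tuple[float, bool]]:
    """The every-T-minutes step: distance of each suspicious vector to the
    Dictionary distribution, flagged when d^2 exceeds the chi-square cutoff."""
    mean = mean_vector(dictionary)
    inv_cov = invert(covariance(dictionary, mean))
    threshold = CHI2_CRITICAL[len(mean)][alpha]
    results = []
    for x in suspicious:
        d2 = mahalanobis_sq(x, mean, inv_cov)
        results.append((d2, d2 > threshold))
    return results


if __name__ == "__main__":
    # Constructed suspicious vectors: one close to normal, one far from it.
    for d2, flagged in evaluate_batch([[0.83, 0.77, 0.90, 0.65],
                                       [0.20, 0.10, 0.30, 0.95]], DICTIONARY):
        print(f"d^2 = {d2:.2f}  DDoS suspected: {flagged}")
```

Because the Dictionary is small, note that any member scored against its own sample covariance has d^2 at most (n - 1)^2 / n, so members can never be flagged at these cutoffs; with a richer Dictionary the cutoff is what controls the false-alarm rate.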

Citation Formats
S. Daneshgadeh Çakmakçı, "A novel online approach to detect DDOS attacks using mahalanobis distance and Kernel-based learning," Thesis (Ph.D.), Graduate School of Natural and Applied Sciences, Information Systems, Middle East Technical University, 2019.