Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Open Access Guideline
Open Access Guideline
Postgraduate Thesis Guideline
Postgraduate Thesis Guideline
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
A Hybrid Approach to Detect DDoS Attacks Using KOAD and the Mahalanobis Distance
Date
2018-11
Author
Daneshgadeh, Salva
Kemmerich, Thomas
Ahmed, Tarem
Baykal, Nazife
Metadata
Show full item record
Item Usage Stats
355
views
0
downloads
Cite This
Distributed Denial of Service (DDoS) attacks continue to adversely affect internet-based services and applications. Various approaches have been proposed to detect different types of DDoS attacks. The computational and memory complexities of most algorithms, however prevent them from being employed in online manner. In this paper, we propose a novel victim end online DDoS attack detection framework based on the celebrated Kernel-based Online Anomaly Detection (KOAD) algorithm and the Mahalanobis distance. We have employed the KOAD algorithm to adaptively model the normal behavior of network traffic, and then constructed the normal and abnormal datasets based on the results of KOAD. Subsequently, the Mahalanobis distance metric was calculated between datapoints of the abnormal and normal subsets. Finally, the chi-square test was used on the Mahalanobis distance values to segregate the DDoS attack datapoints from the normal ones. We have validated our algorithm on simulated DDoS scenarios, as well as real baseline data from a company operating in cyber security. Our results have revealed that our proposed hybrid approach boosts the performance of sole KOAD algorithm and Mahalanobis distance in detecting DDoS traffic in terms of both false positive and detection rates.
Subject Keywords
17th IEEE International Symposium on Network Computing and Applications (NCA)
URI
https://hdl.handle.net/11511/52492
DOI
https://doi.org/10.1109/NCA.2018.8548334
Collections
Graduate School of Informatics, Conference / Seminar
Suggestions
OpenMETU
Core
A novel online approach to detect DDOS attacks using mahalanobis distance and Kernel-based learning
Daneshgadeh Çakmakçı, Salva; Baykal, Nazife; Department of Information Systems (2019)
Distributed denial-of-service (DDoS) attacks are continually evolving as the computer and networking technologies and attackers’ motivations are changing. In recent years, several supervised DDoS detection algorithms have been proposed. However, these algorithms require a priori knowledge of the classes and cannot automatically adapt to the frequently changing network traffic trends. This emphasizes the need for the development of new DDoS detection mechanisms that target zero-day and sophisticated DDoS att...
An Empirical Investigation of DDoS and Flash Event Detection Using Shannon Entropy, KOAD and SVM Combined
Daneshgadeh, Salva; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife (2019-01-01)
In the world of internet and communication technologies where our personal and business lives are inextricably tied to internet enabled services and applications, Distributed Denial of Service (DDoS) attacks continue to adversely affect the availability of these services and applications. Many frameworks have been presented in academia and industry to predict, detect and defend against DDoS attacks. The available solutions try to protect online services from DDoS attacks, but as yet there is no best-practic...
An Entropy based DDoS detection method and implementation
Yücebaş, Süleyman Fürkan; Betin Can, Aysu; Department of Cyber Security (2019)
Distributed Denial of Service (DDoS) is a cyber attack type involving multiple computer sources which aims to temporarily or permanently deactivate the service provided by a device. This attack type has been listed multiple times as the most used attack types and has a great portion in all types of cyber attacks. Also, these attacks are increasing day by day and poses a threat for cyber security ecosystem. In today's world, these attacks target worldwide organizations and cause them to suffer. DDoS attacks ...
A classification approach for adaptive mitigation of SYN flood attacks Preventing performance loss due to SYN flood attacks
Degirmencioglu, Alptugay; Erdogan, Hasan Tugrul; Mizani, Mehrdad A.; Yilmaz, Oguz (2016-04-29)
SYN flood is a commonly used Distributed Denial of Service (DDoS) attack. SYN flood DDoS attacks consume considerable amount of resources in the target machine. Even with straightforward mitigation solutions, any attack causes resource waste and performance loss in the server, rendering it unable to provide service to legitimate clients. We propose an approach for SYN flood attack mitigation based on supervised learning classification methods which identify and block SYN flood traffic before they reach thei...
A Computational Dynamic Trust Model for User Authorization
ZHONG, Yuhui; Bhargava, Bharat; LU, Yİ; Angın, Pelin (Institute of Electrical and Electronics Engineers (IEEE), 2015-01-01)
Development of authorization mechanisms for secure information access by a large community of users in an open environment is an important problem in the ever-growing Internet world. In this paper we propose a computational dynamic trust model for user authorization, rooted in findings from social science. Unlike most existing computational trust models, this model distinguishes trusting belief in integrity from that in competence in different contexts and accounts for subjectivity in the evaluation of a pa...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
S. Daneshgadeh, T. Kemmerich, T. Ahmed, and N. Baykal, “A Hybrid Approach to Detect DDoS Attacks Using KOAD and the Mahalanobis Distance,” 2018, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/52492.