A robust anomaly detection method using a constant false alarm rate approach

AsSadhan, Basil; AlShaalan, Rayan; Diab, Diab M.; Alzoghaiby, Abraham; Alshebeili, Saleh A.; Al‐Muhtadi, Jalal; Bin-Abbas, Hesham; El‐Samie, Fathi E. Abd

doi:10.1007/s11042-020-08653-8

Cited by 6 publications

(14 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this work, we focus on detecting TCP‐based DoS/DDoS attacks by utilizing the methodology presented in AsSadhan and Mouran 9 . We started by extracting TCP traffic from the network traffic and decompose them into control and data planes, as in previous studies 9‐11,53 . The packets that set up, preserve, or turn off a connection are treated as control packets.…”

Section: Methodsmentioning

confidence: 99%

“…Decomposing traffic into control and data can provide more information about the traffic behavior. This information may increase the accuracy and efficiency of results 9‐11,53 …”

Section: Background and Related Workmentioning

confidence: 99%

“…Spreading worms or viruses, malware, botnets, and distributed denial‐of‐service (DDoS) attacks are some models of these dangerous threats that degrade the security of computer networks 7 . One strategy for defending against cyber attacks is to analyze network behavior characteristics and identify any deviations to flag network anomalies 8‐11 . Anomalies can occur because of illegitimate activities such as attacks or from legitimate activities such as network outage or flash crowd traffic.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Denial of service detection using dynamic time warping

et al. 2021

Self Cite

View full text Add to dashboard Cite

Summary With the rapid growth of security threats in computer networks, the need for developing efficient security‐warning systems is substantially increasing. Distributed denial‐of‐service (DDoS) and DoS attacks are still among the most effective and dreadful attacks that require robust detection. In this work, we propose a new method to detect TCP DoS/DDoS attacks. Since analyzing network traffic is a promising approach, our proposed method utilizes network traffic by decomposing the TCP traffic into control and data planes and exploiting the dynamic time warping (DTW) algorithm for aligning these two planes with respect to the minimum Euclidean distance. By demonstrating that the distance between the control and data planes is considerably small for benign traffic, we exploit this characteristic for detecting attacks as outliers. An adaptive thresholding scheme is implemented by adjusting the value of the threshold in accordance with the local statistics of the median absolute deviation (MAD) of the distances between the two planes. We demonstrate the efficacy of the proposed method for detecting DoS/DDoS attacks by analyzing traffic data obtained from publicly available datasets.

show abstract

Section: Methodsmentioning

confidence: 99%

“…Decomposing traffic into control and data can provide more information about the traffic behavior. This information may increase the accuracy and efficiency of results 9‐11,53 …”

Section: Background and Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Denial of service detection using dynamic time warping

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Based on these historical data, an attempt was made to detect all potential data exfiltration attempts using the adaptive threshold. The algorithm used in the implementation of the adaptive threshold was Cell-Averaging Constant False Alarm Rate (CA-CFAR) [58] which is probably the most widely used CFAR detector. It was used as it can adapt to a constantly changing networking environment.…”

Section: Experimental Implementation and Methodologymentioning

confidence: 99%

“…The data analysis engine created for the Passive DNS/CETP module determines the decision thresholds adaptively using the Cell Averaging -Constant False Alarm Rate (CA-CFAR) algorithm [58]. This algorithm is very good for detecting signals in radars and at the same time it is suitable for the detection in varying network conditions [58]. The detection is straightforward.…”

Section: Cell Averaging-constant False Alarm Ratementioning

confidence: 99%

Improving Security of Future Networks Using Enhanced Customer Edge Switching and Risk-Based Analysis

Nowaczewski

Mazurczyk

2021

Electronics

View full text Add to dashboard Cite

Customer Edge Switching (CES) is an extension of the already known classical firewall that is often described and used in future networks like 5G. It extends its functionality by enabling information exchange with other firewalls to decide whether the inspected network traffic should be considered malicious or legitimate. In this paper, we show how the Passive DNS can be used to further improve security of this solution. First, we discuss CES solution and its internals. We also determine how it uses DNS and CETP protocols. Secondly, we describe the basics of the Passive DNS and how it impacts the DNS protocol. Thirdly, we evaluate how the Passive DNS can be extended to collect also CETP information. Finally, we integrate the solutions and present obtained experimental results.

show abstract

A study on manufacturing facility safety system using multimedia tools for cyber physical systems

Lee

Park

2020

Multimed Tools Appl

View full text Add to dashboard Cite

A robust anomaly detection method using a constant false alarm rate approach

Cited by 6 publications

References 39 publications

Denial of service detection using dynamic time warping

Denial of service detection using dynamic time warping

Improving Security of Future Networks Using Enhanced Customer Edge Switching and Risk-Based Analysis

A study on manufacturing facility safety system using multimedia tools for cyber physical systems

Contact Info

Product

Resources

About