Detecting cyber-attacks using a CRPS-based monitoring approach

Harrou, Fouzi; Bouyeddou, Benamar; Sun, Ying; Kadri, Benamar

doi:10.1109/ssci.2018.8628797

Cited by 8 publications

(4 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Harrou et al [34] designed an anomaly detection system to detect TCP SYN flood attacks based on the 1999 DAPRA dataset. TCP SYN floods are utilized in DoS and DDoS attacks.…”

Section: A Cybercrime Detection Using Statistical Methodsmentioning

confidence: 99%

Comprehensive Review of Cybercrime Detection Techniques

et al. 2020

View full text Add to dashboard Cite

Cybercrimes describe cases of indictable offences and misdemeanours in which computer or any communication tools are involved as targets, commission instruments, incidental to, or that cases are associated with the prevalence of computer technology. Common forms of cybercrimes could be child pornography, cyberstalking, identity theft, cyber laundering, credit card theft, cyber terrorism, drug sale, data leakage, sexually explicit content, phishing and other cyber hacking. These kinds of cybercrimes are mostly leading to breaching users' privacy, security violation, business loss, financial fraud, or damage in public as well as government properties. Hence, this paper intensively reviews cybercrime detection and prevention methods. It first explores the different types of cybercrimes then discusses their threats against privacy and security in computer systems. It also describes the strategies that cybercriminals might utilize in committing these crimes against individuals, organizations, and societies. The paper then reviews the existing techniques of cybercrime detection and prevention. It objectively discusses the strengths and critically analyses the vulnerabilities of each technique. As a future study, the paper provides recommendations for the development of cybercrime detection model in which it is capable to effectively detect cybercrime in comparison to the existing techniques.

show abstract

“…Harrou et al [34] designed an anomaly detection system to detect TCP SYN flood attacks based on the 1999 DAPRA dataset. TCP SYN floods are utilized in DoS and DDoS attacks.…”

Section: A Cybercrime Detection Using Statistical Methodsmentioning

confidence: 99%

Comprehensive Review of Cybercrime Detection Techniques

et al. 2020

View full text Add to dashboard Cite

show abstract

“…3) The use of Exponentially Weighted Moving Average (EWMA) [22,23] to overcome the noisy nature of the network.…”

Section: Introductionmentioning

confidence: 99%

Detecting Man-in-the-Middle Attack in Fog Computing for Social Media

Aliyu¹,

Sheltami²,

Mahmoud³

et al. 2021

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Fog computing (FC) is a networking paradigm where wireless devices known as fog nodes are placed at the edge of the network (close to the Internet of Things (IoT) devices). Fog nodes provide services in lieu of the cloud. Thus, improving the performance of the network and making it attractive to social media-based systems. Security issues are one of the most challenges encountered in FC. In this paper, we propose an anomalybased Intrusion Detection and Prevention System (IDPS) against Man-in-the-Middle (MITM) attack in the fog layer. The system uses special nodes known as Intrusion Detection System (IDS) nodes to detect intrusion in the network. They periodically monitor the behavior of the fog nodes in the network. Any deviation from normal network activity is categorized as malicious, and the suspected node is isolated. Exponentially Weighted Moving Average (EWMA) is added to the system to smooth out the noise that is typically found in social media communications. Our results (with 95% confidence) show that the accuracy of the proposed system increases from 80% to 95% after EWMA is added. Also, with EWMA, the proposed system can detect the intrusion from 0.25-0.5 s seconds faster than that without EWMA. However, it affects the latency of services provided by the fog nodes by at least 0.75-1.3 s. Finally, EWMA has not increased the energy overhead of the system, due to its lightweight.

show abstract

“…Accordingly, this work focuses on developing an efficient detection mechanism to detect TCP SYN flood, Smurf attack, and ICMPv6-based DOS and DDOS attacks. Several mechanisms were developed in the literature to prevent and protect networks from TCP SYN flood attacks [8,9]. In [10], a strategy integrating the intrusion detection system Snort with two commonly used software-defined networking (SDN) controllers, namely ODL (Opendaylaight) and ONOS (Open Networking system), is introduced.…”

Section: Introductionmentioning

confidence: 99%

Detecting network cyber-attacks using an integrated statistical approach

et al. 2020

Self Cite

View full text Add to dashboard Cite

Anomaly detection in the Internet of Things (IoT) is imperative to improve its reliability and safety. Detecting denial of service (DOS) and distributed DOS (DDOS) is one of the critical security challenges facing network technologies. This paper presents an anomaly detection mechanism using the Kullback-Leibler distance (KLD) to detect DOS and DDOS flooding attacks, including transmission control protocol (TCP) SYN flood, UDP flood, and ICMP-based attacks. This mechanism integrates the desirable properties of KLD, the capacity to quantitatively discriminate between two distributions, with the sensitivity of an exponential smoothing scheme. The primary reason for exponentially smoothing KLD measurements (ES-KLD) is to aggregate all of the information from past and actual samples in the decision rule, making the detector sensitive to small anomalies. Furthermore, a nonparametric approach using kernel density estimation has been used to set a threshold for ES-KLD decision statistic to uncover the presence of attacks. Tests on three publicly available datasets show improved performances of the proposed mechanism in detecting cyber-attacks compared to other conventional monitoring procedures.

show abstract

Detecting cyber-attacks using a CRPS-based monitoring approach

Cited by 8 publications

References 22 publications

Comprehensive Review of Cybercrime Detection Techniques

Comprehensive Review of Cybercrime Detection Techniques

Detecting Man-in-the-Middle Attack in Fog Computing for Social Media

Detecting network cyber-attacks using an integrated statistical approach

Contact Info

Product

Resources

About