Machine Learning Classification of Port Scanning and DDoS Attacks: A Comparative Analysis

Aamir, Muhammad; Rizvi, Syed Sajjad Hussain; Hashmani, Manzoor Ahmed; Zubair, Muhammad; Usman, Jawwad Ahmed.

doi:10.22581/muet1982.2101.19

Cited by 20 publications

(11 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the context of classification, Aamir et al (2021) showed the benefits of machine learning for classifying port scans and DDoS attacks in a mixture of normal and attack traffic. Guo et al (2020) presented a new method to improve malware classification based on entropy sequence features.…”

Section: Case Datasetsmentioning

confidence: 99%

Cyber risk and cybersecurity: a systematic review of data availability

Cremer

Sheehan

Fortmann

et al. 2022

Geneva Pap Risk Insur Issues Pract

146

View full text Add to dashboard Cite

Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets. We posit that the lack of available data on cyber risk poses a serious problem for stakeholders seeking to tackle this issue. In particular, we identify a lacuna in open databases that undermine collective endeavours to better manage this set of risks. The resulting data evaluation and categorisation will support cybersecurity researchers and the insurance industry in their efforts to comprehend, metricise and manage cyber risks.

show abstract

Section: Case Datasetsmentioning

confidence: 99%

Cyber risk and cybersecurity: a systematic review of data availability

Cremer

Sheehan

Fortmann

et al. 2022

Geneva Pap Risk Insur Issues Pract

146

View full text Add to dashboard Cite

show abstract

“…In order to assess if the proposed variables Σ, Σ μ , Σ μ,σ and Σ e μ,σ are suitable for highlighting anomalous network behaviors associated with the DoS attack, we performed an analysis to identify the relevant features for detecting this type of attack. To achieve this goal, we rely on the studies performed in (Tang et al, 2020) and (Aamir et al, 2021). More in detail, in (Tang et al, 2020), the authors propose a low-rate DoS detection method which exploits a set of features selected based on the correlation score between features and data labels.…”

Section: Dos Analysismentioning

confidence: 99%

“…Additional details can be found in (Tang et al, 2020). A similar study has been performed in (Aamir et al, 2021), where several machine learning approaches for detecting DoS and port scanning are analyzed. More in detail, the authors performed feature selection by analyzing the correlation coefficient scores with respect to the dependent (target variable) and, according to the study performed in (Taylor, 1990), a correlation coefficient smaller or equal to 0.35 indicates that the associated feature does not provide useful information.…”

Section: Dos Analysismentioning

confidence: 99%

“…More in detail, the authors performed feature selection by analyzing the correlation coefficient scores with respect to the dependent (target variable) and, according to the study performed in (Taylor, 1990), a correlation coefficient smaller or equal to 0.35 indicates that the associated feature does not provide useful information. Based on this assumption, the most significant features among the ones analyzed in (Aamir et al, 2021) are: the maximum packet length, the minimum packet length, the mean packet length, the packet length standard deviation and variance, and the average segment size. From these results, it is possible to infer that the features considered for defining the representation variables in Section 4.2.1, namely the volume of traffic, the traffic mean, and its standard deviation, are relevant also for highlighting the DoS attack presence.…”

Section: Dos Analysismentioning

confidence: 99%

“…Moreover, since we Frontiers in Signal Processing | www.frontiersin.org are analyzing traffic at IP level, no information concerning the transport level layer has been included in this work although it could be exploited for future contributions. It is useful to underline that the main difference with respect to the methods presented in (Tang et al, 2020;Aamir et al, 2021) is that in our work the features are combined to provide a single value for the elements of the 2D data structure.…”

Section: Dos Analysismentioning

confidence: 99%

See 2 more Smart Citations

Analysis of a 2D Representation for CPS Anomaly Detection in a Context-Based Security Framework

Baldoni

Carli

Battisti

2022

Front. Signal Process.

View full text Add to dashboard Cite

In this contribution, a flexible context-based security framework is proposed by exploring two types of context: distributed and local. While the former consists in processing information from a set of spatially distributed sources, the second accounts for the local environment surrounding the monitored system. The joint processing of these two types of information allows the identification of the anomaly cause, differentiating between natural and attack-related events, and the suggestion of the best mitigation strategy. In this work, the proposed framework is applied the Cyber Physical Systems scenario. More in detail, we focus on the distributed context analysis investigating the definition of a 2D representation of network traffic data. The suitability of four representation variables has been evaluated, and the variable selection has been performed.

show abstract

RC-Security Mechanism to Prevent Attacks on IoT Smart Switch

Makhija

Narayanan

2021

Communications in Computer and Information Science

View full text Add to dashboard Cite

Machine Learning Classification of Port Scanning and DDoS Attacks: A Comparative Analysis

Cited by 20 publications

References 34 publications

Cyber risk and cybersecurity: a systematic review of data availability

Cyber risk and cybersecurity: a systematic review of data availability

Analysis of a 2D Representation for CPS Anomaly Detection in a Context-Based Security Framework

RC-Security Mechanism to Prevent Attacks on IoT Smart Switch

Contact Info

Product

Resources

About