On the use of generalized entropy formulas in detection of denial‐of‐service attacks

Basicevic, Ilija; Blazic, Nikola; Ocovaj, Stanislav

doi:10.1002/spy2.134

Cited by 7 publications

(4 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…al. [8] study various DoS attack detectors based on different entropy types using source side features and report that detectors based on Tsallis [11] -in agreement with our study -and Bhatia-Singh [25] entropies perform best. Compared to their approach, we use differential and statistical analysis to signal an attack which is hyper-parameter free and thus is robust.…”

Section: Resultssupporting

confidence: 82%

See 1 more Smart Citation

Denial-of-Service Attack Detection via Differential Analysis of Generalized Entropy Progressions

Subasi,

Manzano,

Barker

2021

Preprint

View full text Add to dashboard Cite

Denial-of-Service (DoS) attacks are one the most common and consequential cyber attacks in computer networks. While existing research offers a plethora of detection methods, the issue of achieving both scalability and high detection accuracy remains open. In this work, we address this problem by developing a differential method based on generalized entropy progression. In this method, we continuously fit the line of best fit to the entropy progression and check if the derivative, that is, the slope of this line is less than the negative of the dynamically computed standard deviation of the derivatives. As a result, we omit the usage of the thresholds and the results with five real-world network traffic datasets confirm that our method outperforms threshold-based DoS attack detection by two orders of magnitude on average. Our method achieves false positive rates that are up to 7% where the arithmetic mean is 3% with Tsallis entropy and only 5% sampling of the total network flow. Moreover, since the main computation cost of our method is the entropy computation, which is linear in the volume of the unittime network flow and it uses integer only operations and a small fraction of the total flow, it is therefore lightweight and scalable.

show abstract

Section: Resultssupporting

confidence: 82%

“…There exists an abundance of research on the detection of DoS attacks [2] and [3]. There are many different approaches ranging from statistical approaches [4] [5] to machine and deep learning [6], [7] to information-theoretical ones [8] [9] [10]. Each type of these approaches has its own drawbacks.…”

Section: Introductionmentioning

confidence: 99%

Denial-of-Service Attack Detection via Differential Analysis of Generalized Entropy Progressions

Subasi,

Manzano,

Barker

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Here ( X ) determines the entropy, H( X | Y ) is the entropy of “ X ” given the entropy of “ Y ,” P ( xi | yi ) is the posterior probability of “ X ” given the values of “ X ,” H( X ) is entropy of “ X .” IG ( X | Y ) is the information gain of “ X ” provided “ Y ” is given. For high entropy, the information gain component is highly variable across the instances 59 . Computing it means subtracting the conditional entropy from the entropy of the class label.…”

Section: Proposed Modelmentioning

confidence: 99%

“…For high entropy, the information gain component is highly variable across the instances. 59 Computing it means subtracting the conditional entropy from the entropy of the class label. It is a frequency-dependent feature selection method and thus related to the number of occurrences of an event.…”

Section: Chi-square Testmentioning

confidence: 99%

Performance evaluation of machine learning models for distributed denial of service attack detection using improved feature selection and hyper‐parameter optimization techniques

Habib

Khursheed

2022

Concurrency and Computation

View full text Add to dashboard Cite

This article gives the framework of extensive experimentation of various machine learning models to detect distributed denial of service attacks (DDoS). We use six-tier feature ranking methods that use statistical techniques as well as machine learning based classifiers to obtain the significant features. The measurable statistical based feature selection involves Chi-Square (Chi2), information gain (IG), merged Chi-Square (Chi2)-IG ranking and machine learning classifiers involve ensemble classifiers, that is, decision tree, random forest and eXtreme gradient boosting (XGBoost). Different supervised machine learning models (logistic regression, decision tree classifier, linear support vector machine, k-nearest neighbors, Gaussian Naive Bayes, random forest classifier, XGBoost) are trained on a feature-engineered datasets. To further our research, we use neural networks (ANN and CNN) using both feature-selected and auto-feature selection training setup. We check the validation and adaptability of these models with the optimal tuning of various parameters using GridSearchCV and the effectiveness of random sampling in overcoming the class imbalance problem. Based on various feature selection methods, the models are evaluated for their best performance. The experimental results show that our trained machine learning models and neural networks outperformed the ones in the state of art. The performance analysis is done based on confusion matrix scores, that is, accuracy, false alarm rate, sensitivity, specificity, false-positive rate, F1 score, area under curve analysis and loss functions on well-known KDD Cup 99 and UNSW-NB15 datasets. This study is significant for furthering the research in DDoS detection with machine learning and deep neural networks.

show abstract

On the use of principal component analysis in the entropy based detection of denial‐of‐service attacks

Basicevic

Blazic²,

Ocovaj³

2021

Security and Privacy

Self Cite

View full text Add to dashboard Cite

This paper investigates some possibilities for the use of the principal component analysis (PCA) algorithm in the detection of denial-of-service (DoS) attacks. Two simple traffic features that are widely used for the detection of DoS attacks are source and destination ports of packets. In this paper, we show that by using only the principal component of these two features as the input for detection a powerful detector can be built. Shannon entropy formula and two generalized entropy formulas have been used in combination with PCA. The input dataset is generated in an emulation testbed. The type of attack that is investigated is SYN flood.

show abstract

On the use of generalized entropy formulas in detection of denial‐of‐service attacks

Cited by 7 publications

References 22 publications

Denial-of-Service Attack Detection via Differential Analysis of Generalized Entropy Progressions

Denial-of-Service Attack Detection via Differential Analysis of Generalized Entropy Progressions

Performance evaluation of machine learning models for distributed denial of service attack detection using improved feature selection and hyper‐parameter optimization techniques

On the use of principal component analysis in the entropy based detection of denial‐of‐service attacks

Contact Info

Product

Resources

About