Premium
Denial of service detection using dynamic time warping
Author(s) -
Diab Diab M.,
AsSadhan Basil,
Binsalleeh Hamad,
Lambotharan Sangarapillai,
Kyriakopoulos Konstantinos G.,
Ghafir Ibrahim
Publication year - 2021
Publication title -
international journal of network management
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.373
H-Index - 28
eISSN - 1099-1190
pISSN - 1055-7148
DOI - 10.1002/nem.2159
Subject(s) - computer science , denial of service attack , dynamic time warping , thresholding , anomaly detection , exploit , data mining , network security , computer security , real time computing , artificial intelligence , image (mathematics) , the internet , world wide web
Summary With the rapid growth of security threats in computer networks, the need for developing efficient security‐warning systems is substantially increasing. Distributed denial‐of‐service (DDoS) and DoS attacks are still among the most effective and dreadful attacks that require robust detection. In this work, we propose a new method to detect TCP DoS/DDoS attacks. Since analyzing network traffic is a promising approach, our proposed method utilizes network traffic by decomposing the TCP traffic into control and data planes and exploiting the dynamic time warping (DTW) algorithm for aligning these two planes with respect to the minimum Euclidean distance. By demonstrating that the distance between the control and data planes is considerably small for benign traffic, we exploit this characteristic for detecting attacks as outliers. An adaptive thresholding scheme is implemented by adjusting the value of the threshold in accordance with the local statistics of the median absolute deviation (MAD) of the distances between the two planes. We demonstrate the efficacy of the proposed method for detecting DoS/DDoS attacks by analyzing traffic data obtained from publicly available datasets.