24 research outputs found

    An improved wavelet analysis method for detecting DDoS attacks

    Wavelet Analysis method is considered as one of the most efficient methods for detecting DDoS attacks. However, during the peak data communication hours with a large amount of data transactions, this method is required to collect too many samples that will greatly increase the computational complexity. Therefore, the real-time response time as well as the accuracy of attack detection becomes very low. To address the above problem, we propose a new DDoS detection method called Modified Wavelet Analysis method which is based on the existing Isomap algorithm and wavelet analysis. In the paper, we present our new model and algorithm for detecting DDoS attacks and demonstrate the reasons of why we enlarge the Hurst's value of the self-similarity in our new approach. Finally we present an experimental evaluation to demonstrate that the proposed method is more efficient than the other traditional methods based on wavelet analysis. © 2010 IEEE

    Detecting denial of service attacks with Bayesian classifiers and the random neural network

    Denial of Service (DoS) is a prevalent threat in today’s networks. While such an attack is not difficult to launch, defending a network resource against it is disproportionately difficult, and despite the extensive research in recent years, DoS attacks continue to harm. The first goal of any protection scheme against DoS is the detection of its existence, ideally long before the destructive traffic build-up. In this paper we propose a generic approach which uses multiple Bayesian classifiers, and we present and compare four different implementations of it, combining likelihood estimation and the Random Neural Network (RNN). The RNNs are biologically inspired structures which represent the true functioning of a biophysical neural network, where the signals travel as spikes rather than analog signals. We use such an RNN structure to fuse real-time networking statistical data and distinguish between normal and attack traffic during a DoS attack. We present experimental results obtained for different traffic data in a large networking testbed

    Real time DDoS detection using fuzzy estimators

    We propose a method for DDoS detection by constructing a fuzzy estimator on the mean packet inter arrival times. We divided the problem into two challenges, the first being the actual detection of the DDoS event taking place and the second being the identification of the offending IP addresses. We have imposed strict real time constraints for the first challenge and more relaxed constraints for the identification of addresses. Through empirical evaluation we confirmed that the detection can be completed within improved real time limits and that by using fuzzy estimators instead of crisp statistical descriptors we can avoid the shortcomings posed by assumptions on the model distribution of the traffic. In addition we managed to obtain results under a 3 sec detection window. © 2012 Elsevier Ltd. All rights reserved

    Network Traffic Deviation Detection Based on Fractal Dimension

    In this paper we examine aggregate network traffic for deviation detection. The precise and fast detection of network traffic deviation is crucial to improve the efficient operation of a network. It is often difficult to detect the time when the defects occur in a network. In this article, a new algorithm is bestowed to supervise the aggregate network traffic to fast detect the time deviation transpires in a network. This is performed by supervising the statistical attributes of the time series depicting the network conduct. The procedure examines the network conduct using fractal dimension and discrete stationary wavelet transform. In the suggested procedure, after implementing discrete stationary wavelet transform on the signal depicting the network traffic, the fractal dimension of the disintegrated signal is computed in a sliding window. Then, variations of signal fractal dimension are regarded for deviation detection. Performance of the suggested procedure is compared with that of three other existent procedures using artificial substance signal. The results show superiority of the suggested procedure in terms of preciseness compared to existent procedures

    A multivariant stream analysis approach to detect and mitigate DDoS attacks in vehicular ad hoc networks

    Vehicular Ad Hoc Networks (VANETs) are rapidly gaining attention due to the diversity of services that they can potentially offer. However, VANET communication is vulnerable to numerous security threats such as Distributed Denial of Service (DDoS) attacks. Dealing with these attacks in VANET is a challenging problem. Most of the existing DDoS detection techniques suffer from poor accuracy and high computational overhead. To cope with these problems, we present a novel Multivariant Stream Analysis (MVSA) approach. The proposed MVSA approach maintains the multiple stages for detection DDoS attack in network. The Multivariant Stream Analysis gives unique result based on the Vehicle-to-Vehicle communication through Road Side Unit. The approach observes the traffic in different situations and time frames and maintains different rules for various traffic classes in various time windows. The performance of the MVSA is evaluated using an NS2 simulator. Simulation results demonstrate the effectiveness and efficiency of the MVSA regarding detection accuracy and reducing the impact on VANET communication. © 2018 Raenu Kolandaisamy et al. Please note that there are multiple authors for this article therefore only the name of the first 5 including Federation University Australia affiliate “Muhammad Imran” is provided in this record

    Anomaly Detection Framework Based on Matching Pursuit for Network Security Enhancement, Journal of Telecommunications and Information Technology, 2011, nr 1

    In this paper, a framework for recognizing network traffic in order to detect anomalies is proposed. We propose to combine and correlate parameters from different layers in order to detect 0-day attacks and reduce false positives. Moreover, we propose to combine statistical and signal-based features. The major contribution of this paper are: novel framework for network security based on the correlation approach as well as new signal based algorithm for intrusion detection using matching pursuit