18 research outputs found

    A Comparison Between Divergence Measures for Network Anomaly Detection

    This paper deals with the detection of flooding attacks, which are the most common type of Denial of Service (DoS) attacks. We compare 2 divergence measures (Hellinger distance and Chi-square divergence) to analyze their detection accuracy. The performance of these statistical divergence measures is investigated in terms of true positive and false alarm ratio. A particular focus will be on how to use these measures over Sketch data structure, and which measure provides the best detection accuracy. We conduct performance analysis over publicly available real IP traces (MAWI) collected from the WIDE backbone network. Our experimental results show that Chi-square divergence outperforms Hellinger distance in network anomalies detection.

    Flooding attacks detection of mobile agents in IP networks



    A Hellinger Distance Based Algorithm To Detect Distributed Denial Of Service Attacks On Voice Over Internet Protocol Environments

    Voice communication over the Internet has experienced rapid growth in homes and businesses with the development of Voice over Internet Protocol (VoIP). The growth in number of VoIP subscribers is due to VoIP flexibility, Quality of Service and being low in cost. This growth has prompted a major shift from the traditional public switched telephone network (PSTN), which is circuit-switched, to a packet-switched VoIP. The Session Initiation Protocol (SIP), the protocol used in VoIP, is responsible for creating a session between a caller and a callee for bidirectional communication using SIP messages. VoIP, as with other services on the Internet, also suffers from various security issues and vulnerabilities, arising from new protocols and the existing infrastructure of traditional data networks.

    Flooding attacks detection in traffic of backbone networks


    Efficient Detection of Attacks in SIP Based VoIP Networks Using Linear l1-SVM Classifier

    The Session Initiation Protocol (SIP) is one of the most common protocols used for the signaling function in Voice over IP (VoIP) networks. The SIP protocol is very popular because of its flexibility, simplicity, and easy implementation, so it is a target of many attacks. In this paper, we propose a new system to detect the Denial of Service (DoS) attacks (i.e. malformed message and invite flooding) and Spam over Internet Telephony (SPIT) attack in the SIP based VoIP networks using a linear Support Vector Machine with l1 regularization (i.e. l1-SVM) classifier. In our approach, we project the SIP messages into a very high dimensional space using string based n-gram features. Hence, a linear classifier is trained on top of these features. Our experimental results show that the proposed system detects malformed message, invite flooding, and SPIT attacks with a high accuracy. In addition, the proposed system outperformed other systems significantly in the detection speed.

    An Enhanced Entropy Approach to Detect and Prevent DDoS in Cloud Environment

    Distributed Denial of Service (DDoS) attack launched in Cloud computing environment resulted in loss of sensitive information, Data corruption and even rarely lead to service shutdown. Entropy based DDoS mitigation approach analyzes the heuristic data and acts dynamically according to the traffic behavior to effectively segregate the characteristics of incoming traffic. Heuristic data helps in detecting the traffic condition to mitigate the flooding attack. Then, the traffic data is analyzed to distinguish legitimate and attack characteristics. An additional Trust mechanism has been deployed to differentiate legitimate and aggressive legitimate users. Hence, Goodput of Datacenter has been improved by detecting and mitigating the incoming traffic threats at each stage. Simulation results proved that the Enhanced Entropy approach behaves better at DDoS attack prone zones. Profit analysis also proved that the proposed mechanism is deployable at Datacenter for attack mitigation and resource protection which eventually results in beneficial service at slenderized revenu