Detection of smurf flooding attacks using Kullback-Leibler-based scheme

Benamar Bouyeddou*, Fouzi Harrou, Ying Sun, Benamar Kadri

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

21 Scopus citations

Abstract

Reliable and timely detection of cyber attacks has become indispensable to protect networks and systems. Internet Control Message Protocol (ICMP) flood attacks are still one of the most challenging threats in both IPv4 and IPv6 networks. This paper proposed an approach based on Kullback-Leibler divergence (KLD) to detect ICMP-based Denial of Service (DoS) and Distributed Denial of Service (DDoS) flooding attacks. This is motivated by the high capacity of KLD to quantitatively discriminate between two distributions. Here, the three-sigma rule is applied to the KLD distances for anomaly detection. We evaluated the effectiveness of this scheme by using the 1999 DARPA Intrusion Detection Evaluation Datasets.

Original language: English (US)
Title of host publication: 2018 4th International Conference on Computer and Technology Applications, ICCTA 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 11-15
Number of pages: 5
ISBN (Electronic): 9781538669952
State: Published - Jun 27 2018
Event: 4th International Conference on Computer and Technology Applications, ICCTA 2018 - Istanbul, Turkey
Duration: May 3 2018 to May 5 2018

Publication series

Name: 2018 4th International Conference on Computer and Technology Applications, ICCTA 2018

Conference

Conference: 4th International Conference on Computer and Technology Applications, ICCTA 2018
Country/Territory: Turkey
City: Istanbul
Period: 05/3/18 to 05/5/18

Keywords

  • DARPA99 dataset
  • ICMP flood
  • KL distance
  • anomaly detection
  • cyber-attack

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Computer Science Applications
  • Software
