http://dx.doi.org/10.5351/KJAS.2013.26.2.291

Nonparametric Detection Methods against DDoS Attack  

Lee, J.L. (Department of Statistics, Sungkyunkwan University)
Hong, C.S. (Department of Statistics, Sungkyunkwan University)
Publication Information
The Korean Journal of Applied Statistics / v.26, no.2, 2013, pp. 291-305
Abstract
Traffic data (BPS, PPS, etc.) collected for detecting distributed denial of service (DDoS) attacks on a network are time-sequenced big data. An algorithm that detects change points in such data should be accurate and should excel in both detection time and detection capability. In this work, the sliding window and discretization method is used to detect change points in big data, and five nonparametric test statistics based on empirical distribution functions and ranks are proposed. For various distribution functions and their parameters, the detection time and capability of the five test methods, including the detection delay time and the detection ratio, are explored and discussed via Monte Carlo simulation and illustrative examples.
Keywords
Big data; change point; sliding window; discretization; detection delay time; window data