Detection of Denial-of-Service (DoS) attacks has attracted researchers since 1990s. A variety of detection systems has been proposed to achieve this task. Unlike the existing approaches based on machine learning and statistical analysis, the proposed system treats traffic records as images and detection of DoS attacks as a computer vision problem. A multivariate correlation analysis approach is introduced to accurately depict network traffic records and to convert the records into the respective images. The images of network traffic records are used as the observed objects of our proposed DoS attack detection system, which is developed based on a widely used dissimilarity measure, namely Earth Mover’s Distance (EMD). EMD takes cross-bin matching into account and provides a more accurate evaluation on the dissimilarity between distributions than some other well-known dissimilarity measures, such as Minkowskiform distance Lp and X2 statistics. These unique merits facilitate our proposed system with effective detection capabilities. To evaluate the proposed EMD-based detection system, ten-fold cross-validations are conducted using KDD Cup 99 data set and ISCX 2012 IDS Evaluation data set. The results presented in the system evaluation section illustrate that our detection system can detect unknown DoS attacks and achieves 99.95% detection accuracy on KDD Cup 99 data set and 90.12% detection accuracy on ISCX 2012 IDS evaluation data set with processing capability of approximately 59,000 traffic records per second.
展开▼
机译:自1990年代以来,拒绝服务(DoS)攻击的检测就吸引了研究人员的注意。已经提出了多种检测系统来实现该任务。与基于机器学习和统计分析的现有方法不同,该系统将交通记录视为图像,将DoS攻击的检测视为计算机视觉问题。引入了一种多元相关分析方法,可以准确地描述网络流量记录并将记录转换为相应的图像。网络流量记录的图像用作我们建议的DoS攻击检测系统的观察对象,该系统是基于广泛使用的差异度量(即地球移动者的距离(EMD))开发的。与其他一些众所周知的不相似度度量(例如Minkowskiform距离Lp和X2统计量)相比,EMD考虑了跨仓匹配,并提供了更精确的分布之间不相似性评估。这些独特的优点使我们建议的系统具有有效的检测功能。为了评估提议的基于EMD的检测系统,使用KDD Cup 99数据集和ISCX 2012 IDS评估数据集进行了十次交叉验证。系统评估部分中显示的结果表明,我们的检测系统可以检测未知的DoS攻击,并在KDD Cup 99数据集上达到99.95%的检测准确度,在ISCX 2012 IDS评估数据集上达到90.12%的检测准确度,具有大约59,000条流量记录的处理能力每秒。
展开▼
