Identification of distributed denial of services anomalies by using combination of entropy and sequential probabilities ratio test methods

Bibliographic Details
Main Authors: Alghrairi, M. (Author), Al-Haddad, S.A.R. (Author), Ali, B.H. (Author), Atan, R. (Author), Hassan, S.L.M. (Author), Sulaiman, N. (Author)
Format: Article
Language: English
Published: MDPI 2021
Series: Sensors
Online Access: View Fulltext in Publisher; View in Scopus
LEADER 03753nam a2200505Ia 4500
001 10.3390-s21196453
008 220121s2021 CNT 000 0 und d
020 |a 14248220 (ISSN) 
245 1 0 |a Identification of distributed denial of services anomalies by using combination of entropy and sequential probabilities ratio test methods 
260 0 |b MDPI  |c 2021 
490 1 |a Sensors 
650 0 4 |a Canada 
650 0 4 |a computer security 
650 0 4 |a Computer Security 
650 0 4 |a Confusion matrix 
650 0 4 |a Databases, Factual 
650 0 4 |a Defense Advanced Research Project Agency 
650 0 4 |a Denial-of-service attacks 
650 0 4 |a Denial-of-service attack 
650 0 4 |a Detection rates 
650 0 4 |a Distributed denial of service 
650 0 4 |a Distributed denial of service attack 
650 0 4 |a Distributed denial of services attack 
650 0 4 |a entropy 
650 0 4 |a Entropy 
650 0 4 |a factual database 
650 0 4 |a F-score 
650 0 4 |a Image resolution 
650 0 4 |a Network security 
650 0 4 |a probability 
650 0 4 |a Probability 
650 0 4 |a Sequential probability ratio test 
650 0 4 |a Test method 
650 0 4 |a Testing 
650 0 4 |a Window Size 
856 |z View Fulltext in Publisher  |u https://doi.org/10.3390/s21196453 
856 |z View in Scopus  |u https://www.scopus.com/inward/record.uri?eid=2-s2.0-85115786267&doi=10.3390%2fs21196453&partnerID=40&md5=4499ac6da370b5c5009fb1919f254bfe 
520 3 |a One of the most dangerous kinds of attacks affecting computers is a distributed denial of services (DDoS) attack. The main goal of this attack is to bring the targeted machine down and make its services unavailable to legitimate users. This can be accomplished mainly by directing many machines to send a very large number of packets toward the specified machine to consume its resources and stop it from working. We implemented a method using Java based on entropy and sequential probabilities ratio test (ESPRT) methods to identify malicious flows and the switch interfaces that aid them in passing through. Entropy (E) is the first technique, and the sequential probabilities ratio test (SPRT) is the second technique. The entropy method alone compares its results with a certain threshold in order to make a decision. The accuracy and F-scores for entropy results thus changed when the threshold values changed. Using both entropy and SPRT removed the uncertainty associated with the entropy threshold. The false positive rate was also reduced when combining both techniques. Entropy-based detection methods divide incoming traffic into groups of traffic that have the same size. The size of these groups is determined by a parameter called window size. The Defense Advanced Research Projects Agency (DARPA) 1998, DARPA 2000, and Canadian Institute for Cybersecurity (CIC-DDoS2019) databases were used to evaluate the implementation of this method. The metric of a confusion matrix was used to compare the ESPRT results with the results of other methods. The accuracy and F-scores for the DARPA 1998 dataset were 0.995 and 0.997, respectively, for the ESPRT method when the window size was set at 50 and 75 packets. The detection rate of ESPRT for the same dataset was 0.995 when the window size was set to 10 packets. The average accuracy for the DARPA 2000 dataset for ESPRT was 0.905, and the detection rate was 0.929. Finally, ESPRT was scalable to a multiple domain topology application. © 2021 by the authors. Licensee MDPI, Basel, Switzerland. 
700 1 0 |a Alghrairi, M.  |e author 
700 1 0 |a Al-Haddad, S.A.R.  |e author 
700 1 0 |a Ali, B.H.  |e author 
700 1 0 |a Atan, R.  |e author 
700 1 0 |a Hassan, S.L.M.  |e author 
700 1 0 |a Sulaiman, N.  |e author 
773 |t Sensors