
Identification of Distributed Denial of Services Anomalies by Using Combination of Entropy and Sequential Probabilities Ratio Test Methods


Bibliographic Details
Main Authors: Ali, Basheer Husham; Sulaiman, Nasri; Al-Haddad, Syed Abdul Rahman; Atan, Rodziah; Hassan, Siti Lailatul Mohd; Alghrairi, Mokhalad
Format: Online Article Text
Language: English
Published: MDPI 2021
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8512025/
https://www.ncbi.nlm.nih.gov/pubmed/34640773
http://dx.doi.org/10.3390/s21196453
Description: One of the most dangerous kinds of attacks affecting computers is a distributed denial of services (DDoS) attack. The main goal of this attack is to bring the targeted machine down and make its services unavailable to legitimate users. This is accomplished mainly by directing many machines to send a very large number of packets toward the targeted machine to consume its resources and stop it from working. We implemented a method in Java based on entropy and sequential probabilities ratio test (ESPRT) methods to identify malicious flows and the switch interfaces through which they pass. Entropy (E) is the first technique, and the sequential probabilities ratio test (SPRT) is the second technique. The entropy method alone compares its results with a certain threshold in order to make a decision; the accuracy and F-scores of the entropy results therefore changed when the threshold values changed. Using both entropy and SPRT removed the uncertainty associated with the entropy threshold, and the false positive rate was also reduced when combining both techniques. Entropy-based detection methods divide incoming traffic into groups of equal size; the size of these groups is determined by a parameter called the window size. The Defense Advanced Research Projects Agency (DARPA) 1998, DARPA 2000, and Canadian Institute for Cybersecurity (CIC-DDoS2019) datasets were used to evaluate the implementation of this method. Confusion-matrix metrics were used to compare the ESPRT results with the results of other methods. The accuracy and F-scores for the DARPA 1998 dataset were 0.995 and 0.997, respectively, for the ESPRT method when the window size was set at 50 and 75 packets. The detection rate of ESPRT for the same dataset was 0.995 when the window size was set to 10 packets. The average accuracy for the DARPA 2000 dataset for ESPRT was 0.905, and the detection rate was 0.929. Finally, ESPRT was scalable to a multiple-domain topology application.
Journal: Sensors (Basel), Article. Published by MDPI on 2021-09-27. © 2021 by the authors; Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).