A Novel DoS and DDoS Attacks Detection Algorithm Using ARIMA Time Series Model and Chaotic System in Computer Networks

This letter deals with the problem of detecting DoS and DDoS attacks. First of all, two features including number of packets and number of source IP addresses are extracted from network traffics as detection metrics in every minute. Hence, a time series based on the number of packets is built and no...

Bibliographic details
Published in: IEEE communications letters 2016-04, Vol.20 (4), p.700-703
Main authors: Nezhad, Seyyed Meysam Tabatabaie, Nazari, Mahboubeh, Gharavol, Ebrahim A.
Format: Article
Language: eng
container_end_page 703
container_issue 4
container_start_page 700
container_title IEEE communications letters
container_volume 20
creator Nezhad, Seyyed Meysam Tabatabaie
Nazari, Mahboubeh
Gharavol, Ebrahim A.
description This letter deals with the problem of detecting DoS and DDoS attacks. First of all, two features including number of packets and number of source IP addresses are extracted from network traffics as detection metrics in every minute. Hence, a time series based on the number of packets is built and normalized using a Box-Cox transformation. An ARIMA model is also employed to predict the number of packets in every following minute. Then, the chaotic behavior of prediction error time series is examined by computing the maximum Lyapunov exponent. The local Lyapunov exponent is also calculated as a suitable indicator for chaotic and nonchaotic errors. Finally, a set of rules are proposed based on repeatability of chaotic behavior and enormous growth in the ratio of number of packets to number of source IP addresses during attack times to classify normal and attack traffics from each other. Simulation results show that the proposed algorithm can accurately classify 99.5% of traffic states.
doi_str_mv 10.1109/LCOMM.2016.2517622
format Article
fulltext fulltext_linktorsrc
identifier ISSN: 1089-7798
ispartof IEEE communications letters, 2016-04, Vol.20 (4), p.700-703
issn 1089-7798
1558-2558
language eng
recordid cdi_proquest_journals_1787110187
source IEEE Electronic Library (IEL)
subjects Algorithms
Chaos
Chaos theory
Chaotic communication
Computational modeling
Computer crime
Denial of service attacks
DoS and DDoS detection
Forecasting
IP networks
Lyapunov exponent
Lyapunov exponents
Mathematical models
Predictive models
Time series
Time series analysis
Traffic engineering
Traffic flow
title A Novel DoS and DDoS Attacks Detection Algorithm Using ARIMA Time Series Model and Chaotic System in Computer Networks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-26T12%3A49%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Novel%20DoS%20and%20DDoS%20Attacks%20Detection%20Algorithm%20Using%20ARIMA%20Time%20Series%20Model%20and%20Chaotic%20System%20in%20Computer%20Networks&rft.jtitle=IEEE%20communications%20letters&rft.au=Nezhad,%20Seyyed%20Meysam%20Tabatabaie&rft.date=2016-04&rft.volume=20&rft.issue=4&rft.spage=700&rft.epage=703&rft.pages=700-703&rft.issn=1089-7798&rft.eissn=1558-2558&rft.coden=ICLEF6&rft_id=info:doi/10.1109/LCOMM.2016.2517622&rft_dat=%3Cproquest_RIE%3E1816026813%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1787110187&rft_id=info:pmid/&rft_ieee_id=7381613&rfr_iscdi=true