UPM Institutional Repository

DDoS detection using active and idle features of revised CICFlowMeter and statistical approaches


Citation

Ali, Basheer Husham and Sulaiman, Nasri and Al-Haddad, S. A. R. and Atan, Rodziah and Mohd Hassan, Siti Lailatul (2022) DDoS detection using active and idle features of revised CICFlowMeter and statistical approaches. In: 2022 Fourth International Conference on Advanced Science and Engineering (4th ICOASE), 21-22 Sept. 2022, Zakho - Duhok, Kurdistan Region, Iraq. (pp. 148-153).

Abstract

Distributed Denial of services (DDoS) attack is one of the most dangerous attacks that targeted servers. The main consequence of this attack is to prevent users from getting their legitimate services by bringing down targeted victim. CICFlowMeter tool generates bi-directional flows from packets. Each flow generates 83 of different features. The research focuses on 8 features which are active min (f1), active mean (f2), active max (f3), active std (f4), idle min (f5), idle mean (f6), idle max (f7), and idle std (f8). CICFlowMeter tool has several problems that affected on the detection accuracy of DDoS attacks. The idle and active based feature of Shannon entropy and sequential probability ratio test (SE-SPRT) approach was implemented in this research. The problems of original CICFlowMeter were presented, and the differences between original and revised version of CICFlowMeter tool were explored. The DARPA database and confusion matrix were used to evaluate the detection technique and present the comparison between two versions of CICFlowMeter. The detection method detected neptune and smurf attacks and had higher accuracy, f1-score, sensitivity, specificity, and precision when revised version of CICFlowMeter used to generate flows. However, the detection method failed to detect neptune attack and had higher miss-rate, lower accuracy, lower f1-score, and lower specificity, and lower precision when original version used in generating flows.


Download File

Full text not available from this repository.
Official URL or Download Paper: https://ieeexplore.ieee.org/document/10075591

Additional Metadata

Item Type: Conference or Workshop Item (Paper)
Divisions: Faculty of Computer Science and Information Technology
Faculty of Engineering
DOI Number: https://doi.org/10.1109/ICOASE56293.2022.10075591
Publisher: IEEE
Keywords: Sequential probability ratio test; Shannon entropy; Confusion matrix; CICFlowMeter; DDoS
Depositing User: Ms. Nuraida Ibrahim
Date Deposited: 07 Nov 2023 09:02
Last Modified: 07 Nov 2023 09:02
Altmetrics: http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.1109/ICOASE56293.2022.10075591
URI: http://psasir.upm.edu.my/id/eprint/37800
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item