DDOS-attacks detection using an efficient measurement-based statistical mechanism

Abstract A monitoring mechanism is vital for detecting malicious attacks against cyber systems. Detecting denial of service (DOS) and distributed DOS (DDOS) is one of the most important security challenges facing network technologies. This paper introduces a reliable detection mechanism based on the continuous ranked probability score (CRPS) statistical metric and exponentially smoothing (ES) scheme for enabling efficient detection of DOS and DDOS attacks. In this regard, the CRPS is used to quantify the dissimilarity between a new observation and the distribution of normal traffic. The ES scheme, which is sensitive in detecting small changes, is applied to CRPS measurements for anomaly detection. Moreover, in CRPS-ES approach, a nonparametric decision threshold computed via kernel density estimation is used to suitably detect anomalies. Tests on three publically available datasets proclaim the efficiency of the proposed mechanism in detecting cyber-attacks.