Vol.11, No.2, May 2022.                                                                                                                                                                                   ISSN: 2217-8309

                                                                                                                                                                                                                        eISSN: 2217-8333

TEM Journal

TECHNOLOGY, EDUCATION, MANAGEMENT, INFORMATICS

Association for Information Communication Technology Education and Science

Improving Learning Skills in Detection of Denial of Service Attacks with Newcombe - Benford's Law using Interactive Data Extraction and Analysis

Kemal Hajdarevic, Colin Pattinson, Ingmar Besic

© 2022 Kemal Hajdarevic, published by UIKTEN. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. (CC BY-NC-ND 4.0)

Citation Information: TEM Journal. Volume 11, Issue 2, Pages 527-534, ISSN 2217-8309, DOI: 10.18421/TEM112-05, May 2022.

Received: 10 February 2022.

Revised:   03 April 2022.
Accepted: 09 April 2022.
Published: 27 May 2022.

Abstract:

Denial of Service attacks and the distributed variant of this type of attack called DDoS are attack types which are easy to start but hard to stop especially in the DDoS case. The significance of this type of attack is that attackers use a large number of packets usually created with programs and scripts for creating specially crafted types of packets for different types of attack such as SYN flood, ICMP smurf, etc. These packets have similar or identical attributes such as length of packets, interval time, destination port, TCP flags etc. Skilled engineers and researchers use these packet attributes as indicators to detect anomalous packets in network traffic. For fast detection of anomalous packets in legitimate traffic we proposed Interactive Data Extraction and Analysis with Newcombe-Benford power law which is able to detect matching first occurrences of leading digits – size of each packet that indicate usage of automated scripts for attack purposes. Power law can be used to detect the same first two, three, or second digits, last one or two digits in data set etc. We used own data set, and real devices.

Keywords –DoS, Newcombe-Benford law, RMON, SNMP, MIB.

-----------------------------------------------------------------------------------------------------------

Full text PDF >  

-----------------------------------------------------------------------------------------------------------