Detection of DDoS attacks using optimized traffic matrix

“…CT , in accordance with [19,20], was carried out by transforming FS to a hyper-spherical form. Since the main stage of clustering when splitting FS into groups is an increase in the radius (cr m ) of container (RC) at every step of ASR (or ІSDА) leanring, it is possible to use the following recurrent expression: In the process of ASR learning, we make an assumption about fuzzy compactness of the implementation of binary learning matrices (BLM) [16,21,22], obtained at the stage of splitting SF into relevant RO classes. Fuzzy partition RC |M| includes the elements that can be attributed to fuzzy RO classes, for example, when it is difficult to distinguish a DoS attack from a DDoS attack [4,16].…”

“…The following constraints are imposed on expression (2): cr ct ct ⊕ among all classes for RO; RO are described by binary learning matrices (BLM) [21][22][23]. We accepted that ct a and ct b are the reference vectors of RO classes, in particular, by the KDD Cup 1999 Data [2,5,7].…”

Development of a system for the detection of cyber attacks based on the clustering and formation of reference deviations of attributes

“…CT , in accordance with [19,20], was carried out by transforming FS to a hyper-spherical form. Since the main stage of clustering when splitting FS into groups is an increase in the radius (cr m ) of container (RC) at every step of ASR (or ІSDА) leanring, it is possible to use the following recurrent expression: In the process of ASR learning, we make an assumption about fuzzy compactness of the implementation of binary learning matrices (BLM) [16,21,22], obtained at the stage of splitting SF into relevant RO classes. Fuzzy partition RC |M| includes the elements that can be attributed to fuzzy RO classes, for example, when it is difficult to distinguish a DoS attack from a DDoS attack [4,16].…”

“…The following constraints are imposed on expression (2): cr ct ct ⊕ among all classes for RO; RO are described by binary learning matrices (BLM) [21][22][23]. We accepted that ct a and ct b are the reference vectors of RO classes, in particular, by the KDD Cup 1999 Data [2,5,7].…”

Development of a system for the detection of cyber attacks based on the clustering and formation of reference deviations of attributes

“…Authors showed that researchers used simulated network background and attack traffic, scenario specific data sets or simulated attacks on live traffic traces for performance analysis. Because of the risk of disturbing an operational network, using network simulations is a common approach in networking research (Chen et al, 2013;Xia et al, 2012;Lee et al, 2012). However, it is not possible to accurately simulate Internet traffic because there is no known formula for modeling it (Willinger and Paxson, 1998).…”

Deceiving entropy based DoS detection

“…The SICLN is a supervised version of the ICLN. In [15], the writers propose an enhanced DDoS attacks detection approach by optimizing the parameters of the traffic matrix using a Genetic Algorithm (GA) to maximize the detection rates. As we can see, intelligent detection is widely used in network area and is one of the most important methods of traffic anomaly detection with good development prospects.…”

An Improved ARIMA-Based Traffic Anomaly Detection Algorithm for Wireless Sensor Networks