Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

Privalov, Andrey; Lukicheva, Vera; Kotenko, Igor; Saenko, Igor

doi:10.3390/en12244768

Cited by 12 publications

(4 citation statements)

References 40 publications

(45 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As development in this area, several works had been published, such as [9,10] in order to detect attacks at their early stages, usually not taking into account the time in their evaluation. Even, if it is incorporated, usually is just measured by the amount of time until the detection, as shown in [11,12], where a distributed denial of service (DDOS) is targeted.…”

Section: Related Workmentioning

confidence: 99%

Time Aware F-Score for Cybersecurity Early Detection Evaluation

López-Vizcaíno,

Nóvoa,

Fernández

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

With the increase in the use of Internet interconnected systems, security has become of utmost importance. One key element to guarantee an adequate level of security is being able to detect the threat as soon as possible, decreasing the risk of consequences derived from those actions. In this paper, a new metric for early detection system evaluation that takes into account the delay in detection is defined. Time aware F-score (TaF) takes into account the number of items or individual elements processed to determine if an element is an anomaly or if it is not relevant to be detected. These results are validated by means of a dual approach to cybersecurity, Operative System (OS) scan attack as part of systems and network security and the detection of depression in social media networks as part of the protection of users. Also, different approaches, oriented towards studying the impact of single item selection, are applied to final decisions. This study allows to establish that nitems selection method is usually the best option for early detection systems. TaF metric provides, as well, an adequate alternative for time sensitive detection evaluation.

show abstract

Section: Related Workmentioning

confidence: 99%

Time Aware F-Score for Cybersecurity Early Detection Evaluation

López-Vizcaíno,

Nóvoa,

Fernández

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…However, the time-aware evaluation is limited to measuring the average response time between the attack and the detection. A similar approach is followed by Privalov et al in [22], measuring the average time to detect a distributed denial of service attack.…”

Section: Related Workmentioning

confidence: 99%

Measuring Early Detection of Anomalies

et al. 2022

View full text Add to dashboard Cite

Early detection is a matter of growing importance in multiple domains as network security, health conditions over social network services or weather forecasts related disasters. It is not enough to make a good decision but it also needs to be made on time. In this paper, we define a method to evaluate detection of anomalies in time-aware systems. To do so, we present the early detection problem from a generic perspective, examine the evaluation metrics available and propose a new metric, named T aP (T ime aware P recision). A set of experiments using three different datasets from different fields are performed in order to compare the behaviour of the different metrics. Two different approaches were followed, first a batch evaluation is performed, followed by a streaming evaluation which allows to present a more realistic behaviour of the systems. For both steps, we propose two sets of experiments. The first one using baseline models, followed by the evaluation of a set of Machine Learning algorithms results. The presented metric allows the amount of items needed to take a decision to be taken into account, not depending on the specific dataset but on the nature of the problem to solve.

show abstract

“…One major attack is the DDoS attack. DDoS attacks are cyber-attacks on specific servers or network with the intended purpose of disrupting that network or server's normal operation [6]. Real-time detection of DDoS attacks is not easy to detect and mitigate, but this solution holds great value as attacks can cause big issues [7].…”

Section: Introductionmentioning

confidence: 99%

Real-Time DDoS Attack Detection System Using Big Data Approach

et al. 2021

View full text Add to dashboard Cite

Currently, the Distributed Denial of Service (DDoS) attack has become rampant, and shows up in various shapes and patterns, therefore it is not easy to detect and solve with previous solutions. Classification algorithms have been used in many studies and have aimed to detect and solve the DDoS attack. DDoS attacks are performed easily by using the weaknesses of networks and by generating requests for services for software. Real-time detection of DDoS attacks is difficult to detect and mitigate, but this solution holds significant value as these attacks can cause big issues. This paper addresses the prediction of application layer DDoS attacks in real-time with different machine learning models. We applied the two machine learning approaches Random Forest (RF) and Multi-Layer Perceptron (MLP) through the Scikit ML library and big data framework Spark ML library for the detection of Denial of Service (DoS) attacks. In addition to the detection of DoS attacks, we optimized the performance of the models by minimizing the prediction time as compared with other existing approaches using big data framework (Spark ML). We achieved a mean accuracy of 99.5% of the models both with and without big data approaches. However, in training and testing time, the big data approach outperforms the non-big data approach due to that the Spark computations in memory are in a distributed manner. The minimum average training and testing time in minutes was 14.08 and 0.04, respectively. Using a big data tool (Apache Spark), the maximum intermediate training and testing time in minutes was 34.11 and 0.46, respectively, using a non-big data approach. We also achieved these results using the big data approach. We can detect an attack in real-time in few milliseconds.

show abstract

Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

Cited by 12 publications

References 40 publications

Time Aware F-Score for Cybersecurity Early Detection Evaluation

Time Aware F-Score for Cybersecurity Early Detection Evaluation

Measuring Early Detection of Anomalies

Real-Time DDoS Attack Detection System Using Big Data Approach

Contact Info

Product

Resources

About