Time series analysis of distributed denial of service attacks in intrusion detection systems

Abstract

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks cause million dollar losses to the companies, hence network security has become one of the most important topic in the modern world. DDoS attacks especially distinguish the availability where confidentiality and integrity are the other two main elements of Information security services. Data analysts try to prevent or detect DDoS attacks by applying different methods and using different data analysis tools. In this thesis, time series analysis of DDoS attacks are investigated. Arrival time of the incoming packets is recorded and windowed in order to obtain the network traffic data in terms of time series. In the statistical sense, the skewness and kurtosis features of time series data are chosen as dispersion parameters and classification features due to them having useful statistical information. After investigating the results with Shapiro-Wilk, Kolmogorov-Smirnoff and Chi-Square tests techniques; normal and attack traffics are modelled with different goodness-of-fit tests. Furthermore, Naive Bayes, k-nearest neighbor and thresholding methods are used in order to detect attacks from network traffic data. After heavy simulation studies, it has been shown that the detection rate of DDoS attacks depending on skewness feature is higher than the kurtosis. Naive Bayes outperforms with respect to the thresholding method by considering the classification performance. Consequently, the proposed method is a simple, low cost and highly accurate technique based on time series analysis while using different data analysis techniques which resulted in higher classification performance for attack detection.