Improving Learning Skills in Detection of Denial of Service Attacks with Newcombe - Benford's Law using Interactive Data Extraction and Analysis

• Published in: TEM Journal Vol. 11; no. 2; pp. 527 - 534
• Main Authors: Hajdarević, Kemal, Pattinson, Colin, Bešić, Ingmar
• Format: Journal Article
• Language: English
• Published: Novi Pazar UIKTEN - Association for Information Communication Technology Education and Science 01.05.2022
• Subjects: Automation; Denial of service attacks; Electrical engineering; Ethernet; ICT Information and Communications Technologies; Security management; Software; NewcombeBenford law; SNMP; DoS; RMON; MIB
• ISSN: 2217-8309; 2217-8333
• DOI: 10.18421/TEM112-05

Denial of Service attacks and the distributed variant of this type of attack called DDoS are attack types which are easy to start but hard to stop especially in the DDoS case. The significance of this type of attack is that attackers use a large number of packets usually created with programs and scripts for creating specially crafted types of packets for different types of attack such as SYN flood, ICMP smurf, etc. These packets have similar or identical attributes such as length of packets, interval time, destination port, TCP flags etc. Skilled engineers and researchers use these packet attributes as indicators to detect anomalous packets in network traffic. For fast detection of anomalous packets in legitimate traffic we proposed Interactive Data Extraction and Analysis with Newcombe-Benford power law which is able to detect matching first occurrences of leading digits – size of each packet that indicate usage of automated scripts for attack purposes. Power law can be used to detect the same first two, three, or second digits, last one or two digits in data set etc. We used own data set, and real devices.