Article details

Title: Detection of the Distributed New Shrew Attacks
Author(s): Paul Cotae   Myong Kang   Cristina Cica            

Abstract: We focus on the detection schemes for the New Distributed Shrew attacks based on their spectral properties. Fisher g-statistics test for one time series was used to detect low frequency periodic bursts of Shrew and New Shrew attacks. Spectral analyzer results are illustrated for Low Rate Denial of Service Attacks (LR DoS). The main contribution of this paper is the extension of Fisher g-statistic test to multiple time series. We developed an algorithm based on Fisher G-statistics test that identifies all attackers of the Distributed New Shrew attacks. Numerical examples of Fisher g-statistics test for one time series and of Fisher G-statistics test for multiple time series are provided. We have simulated the Shrew, New Shrew and Distributed New Shrew attacks with an NS-3 simulator.

Keywords: g-statistic, p-value, Fisher test, significance test, periodic content, low rate DoS attack detection, Shrew attack.

References:

[1] D.B. PERCIVAL, A.T. WALDEN – Spectral Analysis for Physical Applications: Multitaper and Conventional Univariate Techniques, Cambridge University Press, 1993
[2] S.-T. CHIU – Detecting Periodic Components in White Gaussian Time Series, Journal of the Royal Statistical Society, Series B, Vol. 51, No. 2, pp. 249-259, 1989
[3] A. ALMASARI – A New Approach for Testing Periodicity, Communications in Statistics -Theory and Methods, Vol. 40, No. 7, pp. 1196-1217, Feb. 2011
[4] M. AHDESMAKI, H. LAHDESMAKI, R. PEARSON, H. HUTTUNEN, O. YLI-HARJA – Robust Detection of Periodic Time Series Measured from Biological Systems, BMC Bioinformatics, 6:117, May 2005
[5] S. WICKERT, K. FOKIANOS, K. STRIMMER – Identifying Periodically Expressed Transcripts in Microarray Time Series Data, Bioinformatics, Vol. 20, No.1, pp. 5-20, 2004
[6] M. AHDESMAKI, H. LAHDESMAKI, O. YLI-HARJA – Robust Fisher’s Test for Periodicity Detection in Noisy Biological Time Series, IEEE International Workshop on Genomic Signal Processing and Statistics, Gustavelund, Tuusula, Finland, pp. 39-42, Jun. 10-12, 2007
[7] A.W.-C. LIEW, N.-F. LAW, X.-Q. CAO, H. YAN – Statistical Power of Fisher Test for the Detection of Short Periodic Gene Expression Profiles, Pattern Recognition, Vol. 42, No. 4, pp. 549-556, Apr. 2009
[8] D. TANG, K. CHEN, X. CHEN, H.Y. LIU, X. LI A New Detection Method based on AEWMA Algorithm for LDoS Attacks, Journal of Networks, Vol. 9, No. 11, Nov. 2014
[9] R.A. FISHERTest of Significance in Harmonic Analysis, Proc. of the Royal Society of London, Series A, Vol. 125, No. 796, pp. 54-59, Aug. 1, 1929
[10] A.A. NOWROOZITable for Fisher’s Test of Significance in Harmonic Analysis, Geophysical Journal of Royal Astronomical Society, Vol. 12, pp. 517-520, Jun. 1967
[11] A.F. SIEGELTesting for Periodicity in a Time Series, Journal of the American Statistical Association, Vol. 75, No. 370, pp. 345-348, Jun. 1980 (see also Technical Report, No. 259, Jun. 1978 prepared under contract R-042-267, for the Office of Naval Research)
[12] A.T. WALDENAsymptotic Percentage Points for Siegel’s Test Statistic for Compound Periodicities, Biometrika, Vol. 79, No. 2, pp. 438-440, Jun. 1992
[13] P. BLOOMFIELDFourier Analysis of Time Series: An Introduction, Second Edition, John Wiley&Sons, New York, NY, Feb. 2000
[14] T.W. ANDERSONThe Statistical Analysis of Time Series, New York: John Wiley & Sons, 1971
[15] J. LUO, X. YANGThe NewShrew Attack: A New Type of Low-rate TCP-Targeted DoS Attack, Proc. of the IEEE International Conference on Communications and System Security Symposium, pp. 713-718, Jun. 10-14, 2014
[16] A. KUZMANOVIC, E.W. KNIGHTLYLow Rate-Targeted Denial of Service Attacks (The Shrew vs. Mice and Elephants), pp.75-86, Proc. of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM ’03, Karlsruhe, Germany, Aug. 25-29, 2003
[17] J. LUO, X. YANG, J. WANG, J. XU, J. SUN, K. LONGOn a Mathematical Model for Low-Rate Shrew DDoS, IEEE Transactions on Information Forensics and Security, Vol. 9, No. 7, pp. 1069-1083, Jul. 2014
[18] D. TANG, K. CHEN, X. CHEN, H. LIU, X. LIA New Collaborative Detection Method for LDOS Attacks, Journal of Networks, Vol. 9, No. 10, pp. 2674-2681, Oct. 2014
[19] Y. CHEN, H. KAI– TCP Flow Analysis for Defense against Shrew DDoS Attacks, pp. 1203-1210, Proc. of the IEEE International Conference on Communications, ICC-2007, Glasgow, Scotland, 24-28 Jun., 2007
[20] X. HE, C. PAPADOPOULUS, J. HEIDEMAN, U. MITRA, U. RIAZ, A. HUSSAINSpectral Analysis of Bottleneck Traffic, Technical Report USC/CSD-TR-05-853, University of California at San Diego, May 2005
[21] W. FELLERAn Introduction to Probability Theory and Its Applications, Vol. 1, 3rd Edition, Wiley, 1968
[22] I.B. MACNEILLTests for Periodic Components in Multiple Time Series, Biometrika, Vol. 61. No. 1, pp. 57-70, Apr. 1974
[23] I.B. MACNEILLA Test of Whether Several Time Series Share Common Periodicities, Biometrika, Vol. 64. No. 3, pp. 495-508, Dec. 1977
[24] D. JARUSKOVASiegel’s Test for Periodic Components in Multiple Time Series and Its Application in Engineering Practice, Kybernetika, Vol. 24, No. 2, pp. 130-138, Jan. 1988
[25] I. OLKIN, M. SOBELIntegral Expressions for Tail Probabilities of the Multinomial and Negative Multinomial Distributions, Biometrika, Vol. 52, No. 1/2, pp. 167-179, Jun. 1965