Detection of Denial-of-Service Attacks Based on Computer Vision Techniques

Detection of Denial-of-Service (DoS) attacks has attracted researchers since 1990s. A variety of detection systems has been proposed to achieve this task. Unlike the existing approaches based on machine learning and statistical analysis, the proposed system treats traffic records as images and detection of DoS attacks as a computer vision problem. A multivariate correlation analysis approach is introduced to accurately depict network traffic records and to convert the records into their respective images. The images of network traffic records are used as the observed objects of our proposed DoS attack detection system, which is developed based on a widely used dissimilarity measure, namely Earth Mover's Distance (EMD). EMD takes cross-bin matching into account and provides a more accurate evaluation on the dissimilarity between distributions than some other well-known dissimilarity measures, such as Minkowski-form distance L-p and X-2 statistics. These unique merits facilitate our proposed system with effective detection capabilities. To evaluate the proposed EMD-based detection system, ten-fold cross-validations are conducted using KDD Cup 99 dataset and ISCX 2012 IDS Evaluation dataset. The results presented in the system evaluation section illustrate that our detection system can detect unknown DoS attacks and achieves 99.95 percent detection accuracy on KDD Cup 99 dataset and 90.12 percent detection accuracy on ISCX 2012 IDS evaluation dataset with processing capability of approximately 59,000 traffic records per second.