A Chaotic Complexity Measure for Cognitive Machine Classification of Cyber-Attacks on Computer Networks

Muhammad Salman Khan, Ken Ferens, Witold Kinsner
Copyright: © 2014 | Volume: 8 | Issue: 3 | Pages: 25
ISSN: 1557-3958 | EISSN: 1557-3966 | EISBN13: 9781466653276 | DOI: 10.4018/IJCINI.2014070104

MLA

Khan, Muhammad Salman, et al. "A Chaotic Complexity Measure for Cognitive Machine Classification of Cyber-Attacks on Computer Networks." IJCINI vol.8, no.3 2014: pp.45-69. http://doi.org/10.4018/IJCINI.2014070104

APA

Khan, M. S., Ferens, K., & Kinsner, W. (2014). A Chaotic Complexity Measure for Cognitive Machine Classification of Cyber-Attacks on Computer Networks. International Journal of Cognitive Informatics and Natural Intelligence (IJCINI), 8(3), 45-69. http://doi.org/10.4018/IJCINI.2014070104

Chicago

Khan, Muhammad Salman, Ken Ferens, and Witold Kinsner. "A Chaotic Complexity Measure for Cognitive Machine Classification of Cyber-Attacks on Computer Networks," International Journal of Cognitive Informatics and Natural Intelligence (IJCINI) 8, no.3: 45-69. http://doi.org/10.4018/IJCINI.2014070104


Abstract

Today's evolving cyber security threats demand new, modern, and cognitive computing approaches to network security systems. In the early years of the Internet, a simple packet inspection firewall was adequate to stop the then-contemporary attacks, such as Denial of Service (DoS), port scans, and phishing. Since then, DoS has evolved to include Distributed Denial of Service (DDoS) attacks, especially against the Domain Name Service (DNS). DNS-based DDoS amplification attacks cannot be stopped easily by traditional signature-based detection mechanisms because the attack packets contain authentic data, and signature-based detection systems look for specific attack-byte patterns. This paper proposes a chaos-based complexity measure and a cognitive machine classification algorithm to detect DNS DDoS amplification attacks. In particular, this paper computes the Lyapunov exponent to measure the complexity of a flow of packets, and classifies the traffic as either normal or anomalous, based on the magnitude of the computed exponent. Preliminary results show the proposed chaotic measure achieved a detection (classification) accuracy of about 98%, which is greater than that of an Artificial Neural Network. Also, contrary to available supervised machine learning mechanisms, this technique does not require any offline training. This approach is capable of not only detecting offline threats, but has the potential of being applied over live traffic flows using DNS filters.
