Real-time DDoS detection based on predictive multi- and polyscale metrics for cyber-physical systems internet traffic

dc.contributor.author: Terrazas Gonzalez, Jesus David
dc.contributor.examiningcommittee: Hossain, Ekram (Electrical and Computer Engineering); Pistorius, Stephen (Physics and Astronomy); Yao, Yiyu (University of Regina)
dc.contributor.supervisor: Kinsner, Witold (Electrical and Computer Engineering)
dc.date.accessioned: 2021-06-10T15:26:01Z
dc.date.available: 2021-06-10T15:26:01Z
dc.date.copyright: 2021-06-09
dc.date.issued: 2021-06-07
dc.date.submitted: 2021-06-09T22:29:05Z
dc.degree.discipline: Electrical and Computer Engineering
dc.degree.level: Doctor of Philosophy (Ph.D.)
dc.description.abstract: This research investigates the appropriateness of Information-Theoretic-Based (ITB) metrics compliant with finite sense stationarity (FSS) and derived from the Variance Fractal Dimension Trajectory (VFDT), to augment network security against traffic anomalies. Among the distinct and vast types of cyberattacks (infection, exploitation, probing, deception, cracking, concurrency, and unknown), this research focuses on those stemming from concurrency, and specifically on Distributed Denial-of-Service (DDoS) cyberattacks. In this research, the design and application of robust methodologies and metrics to achieve powerful descriptors is pursued. The strength of ITB metrics, applied in alternate research areas like steganography, is a robust justification for this study. The usage of ITB metrics, rooted in multi- and polyscale analysis, for detecting network disruptions is novel in the network security area. This thesis introduces a novel multiscale analysis methodology, multiscalors, which permits arbitrary operators and transforms to be used in the multiscale domain for inspecting complex signals. Multiscalors provide an analysis depth and insights into the signals that far exceed what other types of monoscale-based analysis offer. Multiscale-based metrics have been scarcely utilized in the cybersecurity ecosystem. This thesis also showcases specific applications of metrics and methodologies powered by multiscale analysis for DDoS detection. The methodology presented formulates robust features, based on multi- and polyscale analysis, and successfully classifies DDoS disruptions.
Such methodology integrates knowledge from: (i) data acquisition, by verifying DDoS instances and deriving complementary data from them; (ii) design and implementation of ITB metrics, based on multiscalor operators for analysis; (iii) feature extraction, by applying such metrics to the PREDICT datasets; (iv) preparation of feature vectors that are highly representative of the Internet traffic characteristics carrying DDoS cyberattacks; and (v) classification of anomalies through Adaptive Resonance Theory (ART), a non-supervised neural network that has provided the real-time component in the detection of DDoS attacks, establishing the classification time at the one-second mark. Concerning ART, through this research a new methodology, the parametogram, for properly defining the vigilance parameter for both classification approaches used, ART1 and FuzzyART, has been designed, tested, and validated. Applications of the multiscalors-based metrics in this research target Cyber-Physical-Social Systems (CPSS), e.g., the Industrial Internet-of-Things (IIoT), supported by the usage of non-simulated Internet traffic, which contains legitimate DDoS attacks. This research corroborated the detection of anomalies in Internet traffic with a high classification precision, for which the multiscalor methodology is essential for extracting relevant features characterizing the DDoS cyberattacks examined.
dc.description.note: October 2021
dc.identifier.uri: http://hdl.handle.net/1993/35693
dc.language.iso: eng
dc.rights: open access
dc.subject: Adaptive Resonance Theory
dc.subject: ART
dc.subject: Artificial Intelligence
dc.subject: ART1
dc.subject: Cyberattacks
dc.subject: Cyberdefence
dc.subject: Cyber-Physical Social Systems
dc.subject: Cyber-Physical Systems
dc.subject: Cybersecurity
dc.subject: DDoS
dc.subject: Detection
dc.subject: Distributed Denial of Service
dc.subject: Feature Extraction
dc.subject: IIoT
dc.subject: Industrial Internet-of-Things
dc.subject: Internet-of-Things
dc.subject: Internet Traffic
dc.subject: IoT
dc.subject: Machine Learning
dc.subject: Multiscale
dc.subject: Multiscalors
dc.subject: FuzzyART
dc.subject: Parametogram
dc.subject: Polyscale
dc.subject: Real-Time
dc.title: Real-time DDoS detection based on predictive multi- and polyscale metrics for cyber-physical systems internet traffic
dc.type: doctoral thesis
Files
Original bundle
Name: Terrazas_David.pdf
Size: 14.35 MB
Format: Adobe Portable Document Format
Description: Thesis | David Terrazas
License bundle
Name: license.txt
Size: 2.2 KB
Format: Item-specific license agreed to upon submission