Abstract (English) |
In recent years, global investment in FinTech has increased rapidly. Some financial companies use technology to improve their services. For example, the retail banking website of J.P. Morgan Chase & Co. (JPM) allows customers to take out loans online through the website. Because of this development, financial companies face more cyberattacks than before. One well-known attack is the Distributed Denial of Service (DDoS) attack, which is used to shut down the servers of financial companies so that their network services cannot be used.
To detect DDoS attacks, we propose a method for detecting distribution changes in a fraction of data streams when the number of detectors is large. This can be seen as monitoring a large number of routers at the same time, each of which receives network traffic. When a hacker launches an attack, a fraction of the routers receive abnormal traffic. Our task is to detect the change as quickly as possible in order to reduce the loss. In this paper, we show how the nearly optimal detection delay depends on the fraction of data streams undergoing distribution changes as the number of detectors goes to infinity. There are three detection domains. In the first domain, for moderately large fractions, immediate detection is possible. In the second domain, for smaller fractions, the detection delay grows logarithmically with the number of detectors. In the third domain for even smaller fractions. |
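
An added simulation of the monitoring setup described in the abstract, not the thesis's own procedure. It assumes standardized Gaussian per-router traffic, a known mean shift on the attacked routers, and an alarm raised when the sum of per-router CUSUM statistics crosses a fixed threshold; all names, parameters and the traffic itself are constructed for illustration.

```python
import random


def detection_delay(n_routers, fraction, change_at=50, shift=1.0,
                    threshold=250.0, horizon=400, seed=7):
    """Simulate constructed traffic; return steps from attack onset to alarm.

    0 means the alarm fired on the first attacked sample, a negative value
    would be a false alarm before the attack, None means no alarm at all.
    The default threshold is tuned for about 200 routers (assumption).
    """
    rng = random.Random(seed)
    n_attacked = max(1, round(fraction * n_routers))
    cusum = [0.0] * n_routers  # one CUSUM statistic per router

    for t in range(horizon):
        for i in range(n_routers):
            attacked = i < n_attacked and t >= change_at
            # Constructed sample: N(0,1) normally, N(shift,1) under attack.
            x = rng.gauss(shift if attacked else 0.0, 1.0)
            # Log-likelihood ratio of "shifted" against "normal" for x.
            llr = shift * (x - shift / 2.0)
            # Page's CUSUM recursion: accumulate evidence, reset at zero.
            cusum[i] = max(0.0, cusum[i] + llr)
        # Global alarm: pool the evidence from all routers.
        if sum(cusum) > threshold:
            return t - change_at
    return None


if __name__ == "__main__":
    # The smaller the attacked fraction, the longer the pooled statistic
    # needs to cross the same threshold.
    for frac in (0.5, 0.2, 0.05):
        print(f"fraction={frac:4.2f}  delay={detection_delay(200, frac)}")
```
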