Abstract A monitoring mechanism is vital for detecting malicious attacks against cyber systems. Detecting denial of service (DOS) and distributed DOS (DDOS) is one of the most important security challenges facing network technologies. This paper introduces a reliable detection mechanism based on the continuous ranked probability score (CRPS) statistical metric and exponentially smoothing (ES) scheme for enabling efficient detection of DOS and DDOS attacks. In this regard, the CRPS is used to quantify the dissimilarity between a new observation and the distribution of normal traffic. The ES scheme, which is sensitive in detecting small changes, is applied to CRPS measurements for anomaly detection. Moreover, in CRPS-ES approach, a nonparametric decision threshold computed via kernel density estimation is used to suitably detect anomalies. Tests on three publically available datasets proclaim the efficiency of the proposed mechanism in detecting cyber-attacks.

中文翻译：

---

使用有效的基于测量的统计机制进行 DDOS 攻击检测

摘要 监控机制对于检测对网络系统的恶意攻击至关重要。检测拒绝服务 (DOS) 和分布式 DOS (DDOS) 是网络技术面临的最重要的安全挑战之一。本文介绍了一种基于连续排序概率分数 (CRPS) 统计度量和指数平滑 (ES) 方案的可靠检测机制，以实现对 DOS 和 DDOS 攻击的有效检测。在这方面，CRPS 用于量化新观察和正常流量分布之间的差异。ES 方案对检测微小变化很敏感，适用于异常检测的 CRPS 测量。此外，在 CRPS-ES 方法中，通过核密度估计计算的非参数决策阈值用于适当地检测异常。