Detection of denial-of-service attacks based on computer vision techniques

Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu, Jiankun Hu

    Research output: Contribution to journalArticleAcademicpeer-review

    97 Citations (Scopus)
    190 Downloads (Pure)


    Detection of Denial-of-Service (DoS) attacks has attracted researchers since 1990s. A variety of detection systems has been proposed to achieve this task. Unlike the existing approaches based on machine learning and statistical analysis, the proposed system treats traffic records as images and detection of DoS attacks as a computer vision problem. A multivariate correlation analysis approach is introduced to accurately depict network traffic records and to convert the records into the respective images. The images of network traffic records are used as the observed objects of our proposed DoS attack detection system, which is developed based on a widely used dissimilarity measure, namely Earth Mover’s Distance (EMD). EMD takes cross-bin matching into account and provides a more accurate evaluation on the dissimilarity between distributions than some other well-known dissimilarity measures, such as Minkowskiform distance Lp and X2 statistics. These unique merits facilitate our proposed system with effective detection capabilities. To evaluate the proposed EMD-based detection system, ten-fold cross-validations are conducted using KDD Cup 99 data set and ISCX 2012 IDS Evaluation data set. The results presented in the system evaluation section illustrate that our detection system can detect unknown DoS attacks and achieves 99.95% detection accuracy on KDD Cup 99 data set and 90.12% detection accuracy on ISCX 2012 IDS evaluation data set with processing capability of approximately 59,000 traffic records per second.
    Original languageEnglish
    Pages (from-to)2519-2533
    Number of pages14
    JournalIEEE transactions on computers
    Issue number9
    Publication statusPublished - 2015


    • EWI-25297
    • SCS-Cybersecurity
    • Computer Vision
    • IR-92851
    • anomaly-based detection
    • Earth mover’s distance
    • METIS-312454
    • Denial of service


    Dive into the research topics of 'Detection of denial-of-service attacks based on computer vision techniques'. Together they form a unique fingerprint.

    Cite this