การตรวจหาการบุกรุกเครือข่ายด้วยแผนภูมิควบคุมค่าเฉลี่ยเคลื่อนที่ของค่าถ่วงน้ำหนักเลขชี้กำลัง

Abstract

Computer network attacks have been occurring more frequently with the growth of the internet. The types of attacks have evolved from those of the past, causing difficulties for network attack detection. This thesis proposes an algorithm for network anomaly detection of a Pulse wave Distributed Denial of service attack (Pulse wave DDoS) by applying Shannon entropy encoding to source port data. The encoding data are used to design a control chart which uses an exponentially weighted moving average. The capacity of our control chart depends on three parameters including group, subgroup, and threshold values. The testing data are categorized into two major patterns. The first patterns consist of four customized attack patterns. The second patterns were random attacks that varied both the position and interval of the attack times. The random patterns were generated by a uniform distribution determined by the standard deviation, a = {5,15,30}. The experimental results show that our proposed algorithm is able to detect the anomaly attack of Pulse wave DDoS for both customized and random attack patterns.