This repository contains the data collected and the algorithm implemented on the testbed set up in the SIS Lab at the University of South Florida.
The purpose of this implementation was to test our Intrusion Detection System with a new anomaly detection algorithm called the Online Discrepancy Test (ODIT). It has been proved that, given sufficient data, ODIT asymptotically matches the clairvoyant CUSUM algorithm and outperforms the more practical Generalized CUSUM (G-CUSUM) algorithm.
The testbed consists of 15 devices, namely a computer, a tablet, 7 Node MCUs, 4 smart switches, an Amazon Show device and a security camera. The devices and their respective IP addresses are listed below:
- Computer - Alienware - 10.42.0.215
- Tablet - Microsoft Surface - 10.42.0.39
- Node MCU 1 - 10.42.0.38
- Node MCU 2 - 10.42.0.77
- Node MCU 3 - 10.42.0.79
- Node MCU 4 - 10.42.0.14
- Node MCU 5 - 10.42.0.93
- Node MCU 6 - 10.42.0.103
- Node MCU 7 - 10.42.0.106
- Smart Switch 1 - 10.42.0.111
- Smart Switch 2 - 10.42.0.92
- Smart Switch 3 - 10.42.0.98
- Smart Switch 4 - 10.42.0.167
- Amazon Show - 10.42.0.107
- Security Camera - 10.42.0.29
Along with these devices, we also have a Raspberry Pi 3 which acts as a server. The IP address of the Raspberry Pi is 10.42.0.36.
We implement three of the most commonly seen DDoS attacks, namely a Low Rate TCP Flooding Attack, a Low Rate ICMP Flooding Attack and a High Rate UDP Flooding Attack.
The data is in the form of Wireshark captures, from which additional information can be extracted depending on the implementation. In this particular implementation, ODIT uses the number of packets per second sent by each device as its input data.
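As an added example (not code from this repository), the per-device packets-per-second feature extraction described above, assuming the capture was exported from Wireshark as CSV; the packet rows are constructed for illustration and the device addresses are the ones listed above.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows in the column layout Wireshark produces with
# File > Export Packet Dissections > As CSV. Timestamps and sources are made
# up for illustration; the addresses are the testbed devices listed above.
SAMPLE_CSV = """\
"No.","Time","Source","Destination","Protocol","Length"
"1","0.000000","10.42.0.215","10.42.0.36","TCP","66"
"2","0.310000","10.42.0.38","10.42.0.36","TCP","54"
"3","0.900000","10.42.0.215","10.42.0.36","TCP","66"
"4","1.200000","10.42.0.29","10.42.0.36","UDP","1500"
"5","1.250000","10.42.0.29","10.42.0.36","UDP","1500"
"6","1.300000","10.42.0.29","10.42.0.36","UDP","1500"
"7","2.050000","10.42.0.38","10.42.0.36","ICMP","98"
"8","3.700000","10.42.0.215","10.42.0.36","TCP","66"
"""

# The 15 monitored devices, in the order used for the feature columns.
# The Raspberry Pi server (10.42.0.36) is deliberately not a column.
DEVICES = (
    "10.42.0.215", "10.42.0.39",                               # computer, tablet
    "10.42.0.38", "10.42.0.77", "10.42.0.79", "10.42.0.14",    # Node MCU 1-4
    "10.42.0.93", "10.42.0.103", "10.42.0.106",                # Node MCU 5-7
    "10.42.0.111", "10.42.0.92", "10.42.0.98", "10.42.0.167",  # smart switches
    "10.42.0.107", "10.42.0.29",                               # Amazon Show, camera
)

def packets_per_second(csv_text, devices=DEVICES):
    """Bin packets by source device into one-second slots.

    Returns a list of rows, one per second from 0 up to the second of the
    last packet; rows[t][i] is the number of packets devices[i] sent during
    second t. Seconds and devices with no traffic yield explicit zeros, so
    the detector always receives a fixed-length vector every second.
    """
    column = {ip: i for i, ip in enumerate(devices)}
    counts = defaultdict(lambda: [0] * len(devices))
    last_second = 0
    for rec in csv.DictReader(io.StringIO(csv_text)):
        src = rec["Source"]
        if src not in column:
            continue  # e.g. the server's own replies; not a monitored device
        sec = int(float(rec["Time"]))  # capture times are non-negative
        counts[sec][column[src]] += 1
        last_second = max(last_second, sec)
    return [counts[t] for t in range(last_second + 1)]
```

Each returned row is the 15-element per-second vector that a detector such as ODIT consumes; silent devices appear as zeros rather than being dropped.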
The implementation video can be viewed here.
To cite ODIT, please refer to the paper below:
Yilmaz, Yasin. "Online nonparametric anomaly detection based on geometric entropy minimization." 2017 IEEE International Symposium on Information Theory (ISIT). IEEE, 2017.