
Real-time DDoS detection based on predictive multi- and polyscale metrics for cyber-physical systems internet traffic

Authors :
Hossain, Ekram (Electrical and Computer Engineering); Pistorius, Stephen (Physics and Astronomy); Yao, Yiyu (University of Regina)
Kinsner, Witold (Electrical and Computer Engineering)
Terrazas Gonzalez, Jesus David
Publication Year :
2021

Abstract

This research investigates the appropriateness of Information-Theoretic-Based (ITB) metrics, compliant with finite sense stationarity (FSS) and derived from the Variance Fractal Dimension Trajectory (VFDT), to augment network security against traffic anomalies. Of the many distinct types of cyberattacks (infection, exploitation, probing, deception, cracking, concurrency, and unknown), this research focuses on those stemming from concurrency, specifically Distributed Denial-of-Service (DDoS) cyberattacks. The research pursues the design and application of robust methodologies and metrics to achieve powerful descriptors. The strength of ITB metrics, applied in other research areas such as steganography, is a robust justification for this study. The use of ITB metrics, rooted in multi- and polyscale analysis, for detecting network disruptions is novel in the network security area. This thesis introduces a novel multiscale analysis methodology, multiscalors, which permits arbitrary operators and transforms to function in the multiscale domain for inspecting complex signals. Multiscalors provide an analysis depth and insights into the signals that far exceed what other types of monoscale-based analysis offer. Multiscale-based metrics have been scarcely utilized in the cybersecurity ecosystem. This thesis also showcases specific applications of metrics and methodologies powered by multiscale analysis for DDoS detection. The methodology presented formulates robust features, based on multi- and polyscale analysis, and successfully classifies DDoS disruptions. The methodology integrates knowledge from: (i) data acquisition, by verifying DDoS instances and deriving complementary data from them; (ii) design and implementation of ITB metrics, based on multiscalor operators for analysis; (iii) feature extraction, by applying such metrics to the PREDICT datasets; (iv) preparation of feature vectors that are highly representative of the I

Details

Database :
OAIster
Notes :
English
Publication Type :
Electronic Resource
Accession number :
edsoai.on1442946411
Document Type :
Electronic Resource