A Framework For The Status Estimation In Distributed Denial-Of-Service Attacks By Data Fusion Of Human-And-Technical Sensors Based On Fuzzy Logic

Cyber attackers are able to have a significant impact on the computer networks’ hosts by using DDoS attacks. whereas, defenders use different defensive methods to defend themselves. In such circumstances, it is difficult to determine the network status of the defender (victim). In order to assess the cyber battle scene, it is necessary to evaluate the attacker and defender. The focus of this paper is to provide a framework to assess the status of the victim. In this study, monitoring of the victim is done by using different types of cyber sensors including both technical and human sensors through modeling and simulation. Initially, we review the cyberspace sensors, such as news sites, social networks, reports of the people and technical sensors. The attributes of each sensor are extracted and finally the importance of each feature is evaluated by using the experts’ analytic hierarchy process. Then the combination of attributes for each of the sensors is formed and status of the victim corresponding to the features is determined. The conditions of data fusion using the methods based on fuzzy logic are provided. Implementation of three scenarios show that the proposed method has the desired performance. In the first scenario, in which there was no attack, data fusion sensors have correctly estimated with a probability of 99.3%. In the second scenario, in which the server provides the service slowly and under pressure estimates with probability of 78.6%. In the third scenario, in which the server is under effective attack, data fusion sensors with a probability of 84.2% have estimated correctly. The lack of information about each of the sensors will cause conditions for uncertainty. In this study, we have evaluated 15 different cases. The results show that the proposed method for situation awareness of the host under attack has appropriate evaluation capabilities.