Zero-crossing analysis of Lévy walks for real-time feature extraction: Composite signal analysis for strengthening the IoT against DDoS attacks

Abstract

This paper compares the probability similarities between a cyberattack, the distributed denial-of-service, and the mathematical model of probability, Lévy walks. This comparison aims to explore the validity of Lévy walks as a model resembling the DDoS probability features. This research also presents a method, based on the Smirnov transform, for generating synthetic data with the statistical properties of Lévy-walks. This method for synthetic data generation can be utilized for generating arbitrary prescribed probability density functions (pdf). The Smirnov transform is used to solve a cybersecurity engineering problem associated with Internet traffic. The synthetic Lévy-walk process is intertwined with sections of other distinct characteristics (uniform noise, Gaussian noise, and an ordinary sinusoid) to create a composite signal, which is then analyzed with zero-crossing rate (ZCR) within a varying-size window. This paper shows that it is possible to identify the distinct sections present in the composite signal through ZCR. The differentiation of these sections shows an increasing ZCR value as the section under analysis exhibits a higher activity or complexity (from the sinusoid, to a synthetic Lévy-walk process, and uniform and Gaussian noise, respectively). The advantages of the ZCR computation directly in the time-domain are appealing for real-time implementations. The varying window in the ZCR produces more defined values as the window size increases. The changing world of security systems is deeply considered, in an approach for its improvement. This as our society is highly dependent on electronically interconnected systems-of-systems demanding operational robustness and security. The approach proposed for providing a higher degree of security aiming to the development of cognitive security systems.