| Graduate student: | 劉乙力 Liu, Yi-Li |
|---|---|
| Thesis title: | 應用具有快速初始反應機制之指數Kullback-Leibler資訊管制圖監控分散式阻斷服務攻擊 An Exponential Kullback-Leibler Information Control Chart with Fast Initial Response for Monitoring Distributed Denial of Service Attack |
| Advisor: | 張裕清 Chang, Yu-Ching |
| Degree: | Master |
| Department: | College of Management - Institute of Information Management |
| Year of publication: | 2025 |
| Academic year of graduation: | 113 |
| Language: | Chinese |
| Number of pages: | 62 |
| Keywords (Chinese, translated): | exponential distribution, fast initial response, distributed denial of service attack, Kullback-Leibler information |
| Keywords (English): | Kullback-Leibler information, exponential control chart, fast initial response, distributed denial of service |
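With the spread of Internet of Things (IoT) devices, distributed denial of service (DDoS) attacks pose a major threat to them. These devices usually have only basic computing power and can hardly withstand attacks that aim to exhaust hardware computing resources. Some traditional DDoS defense methods are outdated, while defenses that incorporate artificial intelligence require more computing resources, which is impractical for most IoT devices. To provide a lightweight solution better suited to IoT devices, this study uses control charts to detect the traffic anomalies of DDoS attacks. This approach treats the traffic anomalies under attack as variation in a process and raises an alarm as soon as an anomaly occurs, so that administrators can take appropriate measures. Because control chart calculations are relatively simple, they suit IoT devices with only basic computing power. This study uses the exponential Kullback-Leibler information (KLI) control chart to monitor DDoS attacks and introduces a fast initial response mechanism to shorten the time to alarm and thereby reduce the losses caused by attacks. In addition, this study compares different parameter estimation methods to ensure the best detection performance and proposes the parameter estimation method best suited to IoT devices. This lightweight DDoS detection method can be combined with other defensive measures to give IoT devices more comprehensive protection. This study examines how introducing the fast initial response mechanism affects the performance of the exponential KLI control chart in the initial state and in the steady state. The experimental results show that introducing the mechanism improves the chart's performance in both states. This study also compares the effect of different parameter estimation methods on the performance of the exponential KLI control chart. The results show that the different methods each have strengths and weaknesses for different shift magnitudes, and users should choose the method that best fits their application scenario. Finally, this study compares the performance of the exponential KLI control chart and the x̄ control chart in detecting DDoS attacks under two different application scenarios.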
As Internet of Things (IoT) devices continue to proliferate, Distributed Denial of Service (DDoS) attacks pose a significant threat to them. These devices generally have limited computational capabilities, making them vulnerable to attacks aimed at overwhelming hardware resources. Traditional DDoS defense methods may be outdated, while those incorporating artificial intelligence often require considerable computational resources, which is impractical for most IoT devices. To provide a more suitable and lightweight solution for IoT applications, this study proposes using control charts to detect traffic anomalies caused by DDoS attacks. This method views traffic anomalies during an attack as process variations and triggers an immediate alert when such anomalies occur, allowing administrators to take appropriate action. The simplicity of control chart calculations makes them ideal for IoT devices with basic computational capacity.
This study utilizes the Exponential Kullback-Leibler Information Control Chart to monitor DDoS attacks and incorporates a Fast Initial Response mechanism to shorten alert response times, thereby minimizing the damage caused by the attacks. Furthermore, the study compares different parameter estimation methods to ensure optimal detection effectiveness and identifies the most suitable approach for the IoT environment. This lightweight DDoS detection method can be integrated with other defense measures to provide more comprehensive security for IoT devices.
This study also examines the impact of incorporating the Fast Initial Response mechanism on the performance of the Exponential Kullback-Leibler Information Control Chart under both initial and steady-state conditions. Experimental results indicate that the Fast Initial Response mechanism improves the control chart's performance in both states. Furthermore, the study evaluates the effects of different parameter estimation methods on the control chart's performance. It finds that each method has its pros and cons depending on the size of the shift, and users are advised to choose the method that best fits their specific situation. Finally, this study compares the performance of the Exponential Kullback-Leibler Information control chart and the x̄ control chart in detecting DDoS attacks under two different application scenarios.
On campus: publicly available immediately