A Combined Data Mining Approach for DDoS Attack Detection

Kim, Mihui; Na, Hyunjung; Chae, Kijoon; Bang, Hyo-Chan; Na, Jung-Chan

doi:10.1007/978-3-540-25978-7_95

Cited by 33 publications

(15 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The effectiveness of the proposed technique is evaluated using KDD CUP 99 dataset and experimental analysis shows encouraging results. Shuyuan Jin, Daniel S. Yeung proposed technique which discusses the effects of multivariate correlation analysis on the DDoS detection and proposes a covariance analysis model for detecting SYN flooding attacks [3]. The simulation results show that this method is highly accurate in detecting malicious network traffic in DDoS attacks of different intensities.…”

Section: Related Workmentioning

confidence: 98%

A Combined Approach to DoS Attack Detection System

Salaskar¹,

Phursule²

2015

IJCA

View full text Add to dashboard Cite

In the network system attack like Denial of service (DoS) is forthcoming damaging attack. The performance of online servers degrades within seconds. Intensive computation on the target server is imposed due to this attack. Target Server gets flooded with large useless packets. The fatality server can be forced out of service From a few minutes to even several days. Eventually crucial business services running on the target fatality causes work down on the target fatality. So for the researchers it is very challenging task. The development of network-based detection mechanisms is the focus of the solution of this kind of attack. Based on these mechanisms in the existing detection systems, traffic transmitted over the protected networks get monitored. Mainly two methods are introduced for detection mechanism namely Misuse based and Anomaly based detection systems. But to enhance the detection rate they are not sufficient. In the proposed system the features which are directly associated with DoS attacks are extract by monitoring the network traffic. To generate geometrical triangular area measurements for normal profiles on the basis of these features the multivariate correlation analysis (MCA) model is used. To detect any unknown DoS attack in the network, these models are used as references. And furthermore to detect attack anomaly detection method is used. Only MCA and anomaly based system is not sufficient for accurate attack detection. So the inventive work behavioral based rule model integrated with MCA and anomaly, as a hybrid model used to enhance the accuracy of DoS attack detection. In proposed inventive model behavioral rules are generated for suspected packets and ultimately detection accuracy as well as detection rate get increased.

show abstract

Section: Related Workmentioning

confidence: 98%

A Combined Approach to DoS Attack Detection System

Salaskar¹,

Phursule²

2015

IJCA

View full text Add to dashboard Cite

show abstract

“…Mihui Kim, Hyunjung Na, Kijoon Chae, Hyochan Bang, and Jungchan Na proposed a technique which presents a combined data mining approach for modeling the traffic pattern of normal and diverse attacks [3]. This approach uses the automatic feature selection mechanism for selecting the important attributes.…”

Section: Related Workmentioning

confidence: 99%

Improvising DoS Attack Detection Using Multivariate Correlation Analysis

Salaskar¹,

Kale²

2014

IJIRCCE

View full text Add to dashboard Cite

Denial of service (DoS) attack is potential damaging attack which degrades the performance of online servers within seconds. This attack imposes intensive computation on the target server by flooding it with large useless packets. The target server can be forced out of service from a few minutes to even several days. This causes work down of crucial business services running on the target victim. To cope with such damaging attacks becomes challenge for the researchers. Solution for this attack mainly focuses on the development of network-based detection mechanisms. Detection systems based on these mechanisms monitor traffic transmitting over the protected networks. The proposed system monitors the network traffic to extract the features which are directly associated with DoS attacks. Based on these features, the multivariate correlation model generates geometrical triangular area measurements for normal profiles. These models are used as reference to detect any unknown DoS attack in the network. But alone MCA based system may not be accurate for attack detection. The innovative work imposes behavioral model integrated with MCA to enhance the accuracy of DoS attack detection.

show abstract

“…An unexpectedly high rate of incoming traffic is by far the most conspicuous indicator of a flooding DoS attack. Similar measurements, such as the number of packets per flow are often used in detection mechanisms [15].…”

Section: Selecting the Input Featuresmentioning

confidence: 99%

“…For example, the authors of [29] have designed the Statistical Pre-Processor and Unsupervised Neural Net based Intrusion Detector (SPUNNID), in which the statistical pre-processor is used to extract features from packets, and the feature vector is changed to numerical form and fed to an unsupervised Adaptive Resonance Theory net (ART). Neural networks for DoS detection are also used in [15], which follows a data mining approach. In [28], a scheme is presented which comprises a collector of the appropriate data fields from the incoming packets, a feature estimator that evaluates the frequencies for the encoded data, and a radial basis function neural network detector to characterise the incoming traffic as normal or DoS.…”

Section: Introductionmentioning

confidence: 99%

A Denial of Service Detector based on Maximum Likelihood Detection and the Random Neural Network

Öke

Loukas

2007

The Computer Journal

View full text Add to dashboard Cite

Citation for this version held on GALA:Oke, Gulay and Loukas, George (2007) AbstractIn spite of extensive research in defence against Denial of Service (DoS), such attacks remain a predominant threat in today's networks. Due to the simplicity of the concept and the availability of the relevant attack tools, launching a DoS attack is relatively easy, while defending a network resource against it is disproportionately difficult. The first step of any comprehensive protection scheme against DoS is the detection of its existence, ideally long before the destructive traffic build-up. In this paper we propose a generic approach for DoS detection which uses multiple Bayesian classifiers and random neural networks (RNN). Our method is based on measuring various instantaneous and statistical variables describing the incoming network traffic, acquiring a likelihood estimation and fusing the information gathered from the individual input features using likelihood averaging and different architectures of RNNs. We present and compare seven different implementations of it and evaluate our experimental results obtained in a large networking testbed.

show abstract

A Combined Data Mining Approach for DDoS Attack Detection

Cited by 33 publications

References 2 publications

A Combined Approach to DoS Attack Detection System

A Combined Approach to DoS Attack Detection System

Improvising DoS Attack Detection Using Multivariate Correlation Analysis

A Denial of Service Detector based on Maximum Likelihood Detection and the Random Neural Network

Contact Info

Product

Resources

About