
Intrusion Detection of DoS/DDoS and Probing Attacks for Web Services

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3739)

Abstract

Denial of Service and Distributed Denial of Service (DoS/DDoS) attacks have become the main devastating threats to web services, and Probing attacks are generally the preliminary steps of DoS/DDoS attacks. To achieve information assurance, this paper proposes an intrusion detection mechanism based on the Vector Quantization (VQ) technique for countering DoS/DDoS and Probing attacks. The normal network traffic usage profile is modeled and represented by the VQ codebook, from which the deviation of abnormal TCP traffic behavior can be measured quantitatively. In data processing, we implement a novel feature extraction of TCP flow state based on the characteristics of DoS/DDoS and Probing attacks. We apply the detection mechanism to the DARPA Intrusion Detection Evaluation Data Set. The results show that the network attacks are detected more efficiently and with relatively low false alarms.
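The codebook idea in the abstract, as an added example that is not the authors' code: a codebook is trained on normal traffic only, and a window's distance to its nearest codeword (the quantization distortion) is the anomaly score. The three-element feature vector, the Lloyd-iteration training, the threshold rule and all sample values are assumptions made for illustration; the page does not give the paper's actual features or parameters.

```python
import math

# Constructed sample data (not from the paper or the DARPA set). Each vector is
# an assumed per-window summary of TCP flow end states:
# (fraction closed normally, fraction half-open, fraction reset).
NORMAL = [
    (0.90, 0.05, 0.05), (0.92, 0.04, 0.04), (0.88, 0.07, 0.05), (0.91, 0.05, 0.04),
    (0.80, 0.12, 0.08), (0.78, 0.13, 0.09), (0.82, 0.10, 0.08), (0.79, 0.12, 0.09),
]
WINDOWS = {
    "benign": (0.89, 0.06, 0.05),
    "syn_flood_like": (0.10, 0.85, 0.05),   # mostly half-open flows
    "port_scan_like": (0.05, 0.25, 0.70),   # mostly reset flows
}

def nearest(codebook, v):
    """Return (index, Euclidean distance) of the codeword closest to v."""
    dists = [math.dist(c, v) for c in codebook]
    i = min(range(len(dists)), key=dists.__getitem__)
    return i, dists[i]

def train_codebook(vectors, k, iters=20):
    """Design a k-entry codebook with Lloyd iterations (assumed algorithm)."""
    codebook = list(vectors[:: len(vectors) // k][:k])  # deterministic seeding
    for _ in range(iters):
        cells = [[] for _ in range(k)]
        for v in vectors:
            cells[nearest(codebook, v)[0]].append(v)
        # Move each codeword to the centroid of its cell; keep it if the cell is empty.
        codebook = [
            tuple(sum(col) / len(cell) for col in zip(*cell)) if cell else codebook[i]
            for i, cell in enumerate(cells)
        ]
    return codebook

def fit_threshold(codebook, vectors, margin=2.0):
    """Alarm threshold: margin times the worst distortion seen on normal traffic."""
    return margin * max(nearest(codebook, v)[1] for v in vectors)

def detect(codebook, threshold, windows):
    """Map window name -> (quantization distortion, is_anomalous)."""
    out = {}
    for name, v in windows.items():
        d = nearest(codebook, v)[1]
        out[name] = (d, d > threshold)
    return out

if __name__ == "__main__":
    cb = train_codebook(NORMAL, k=2)
    for name, (d, bad) in detect(cb, fit_threshold(cb, NORMAL), WINDOWS).items():
        print(f"{name:15s} distortion={d:.3f} anomalous={bad}")
```

Because the threshold is fitted on normal traffic alone, the false alarm rate depends on how well the training windows cover legitimate behavior; the margin value here is a constructed choice, not a tuned one.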




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zheng, J., Hu, Mz. (2005). Intrusion Detection of DoS/DDoS and Probing Attacks for Web Services. In: Fan, W., Wu, Z., Yang, J. (eds) Advances in Web-Age Information Management. WAIM 2005. Lecture Notes in Computer Science, vol 3739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11563952_30


  • DOI: https://doi.org/10.1007/11563952_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29227-2

  • Online ISBN: 978-3-540-32087-6

  • eBook Packages: Computer Science, Computer Science (R0)
