Skip to main content
SpringerLink
Log in
Book cover

International Conference on Practical Applications of Agents and Multi-Agent Systems

PAAMS 2014: Highlights of Practical Applications of Heterogeneous Multi-Agent Systems. The PAAMS Collection pp 309–320Cite as

Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks: Proof-of-Concept

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 430))

Abstract

A Distributed Denial of Service attack (DDoS) is designed to overload a target device and its networks with packets to damage its resources or services. This paper proposes an Artificial Neural Network (ANN) detection engine to flag known and unknown attacks from genuine traffic. Based on experiments and data analysis, specific patterns are selected to separate genuine from DDoS packets, thus allowing normal traffic to reach its destination. The mitigation process is triggered when the detection system identifies attacks based on the known characteristic features (patterns) that were fed to the ANN during the training process. Such characteristic patterns separate attacks from normal traffic. We have evaluated our solution against related work based on accuracy, sensitivity, specificity and precision.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Reed, M.: Denial of Service attacks and mitigation techniques: Real time implementation with detailed analysis. SANS Institute InfoSec Reading Room (2011), http://www.sans.org/reading-room/whitepapers/detection

  2. Troj/Flood-IM. Backdoor DDoS Trojan. Detected by Sophas, https://secure2.sophos.com/

  3. Alomari, E., Gupta, B.B., Karuppayah, S.: Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art. International Journal of Computer Applications 2012, 24–32 (2012)

    Article  Google Scholar 

  4. Mitchell, T.M.: Machine Learning, 1st edn., ch. 3,4,6,7, pp. 52–78, 81–117, 128–145, 157–198. McGraw-Hill Science/Engineering/Math., New York (1997)

    Google Scholar 

  5. Prolexic, Global Leader in DDoS Protection and Mitigation. (2003), http://www.prolexic.com

  6. Li, J., Liu, Y., Gu, L.: DDoS attack detection based on neural network. In: 2nd International Symposium on Aware Computing (ISAC), Tainan, November 1-4, pp. 196–199 (2010)

    Google Scholar 

  7. Akilandeswari, V., Shalinie, S.M.: Probabilistic Neural Network based attack traffic classification. In: Fourth International Conference on Advanced Computing (ICoAC), Chennai, December 13-15, pp. 1–8 (2012)

    Google Scholar 

  8. Siaterlis, C., Maglaris, V.: Detecting incoming and outgoing DDoS attacks at the edge using a single set of network characteristics. In: Proceedings of the 10th IEEE Symposium. on Computers and Communications (ISCC), June 27-30, pp. 469–475 (2005)

    Google Scholar 

  9. Gupta, B.B., Joshi, C., Misra, M.: ANN Based Scheme to Predict Number of Zombies in a DDoS Attack. International Journal of Network Security 13(3), 216–225 (2011)

    Google Scholar 

  10. Badishi, G., Keidar, I., Romanov, O., Yachin, A.: Denial of Service? Leave it to Beaver. Project supported by Israeli Ministry of Science, pp. 3–14 (2006)

    Google Scholar 

  11. Shi, E., Stoica, I., Andersen, D., Perrig, D.: OverDoSe: A Generic DDoS Protection Service Using an Overlay Network. Technical report CMU-CS-06-114, pp. 2–12 (2006), http://www.cs.umd.edu/~elaine/docs/overdose.ps

  12. Chen, Y., Hwang, K., Ku, W.: Collaborative Detection of DDoS Attacks over Multiple Network Domains. IEEE Transactions on Parallel and Distributed Systems 18(12), 1649–1662 (2007)

    Article  Google Scholar 

  13. Al-Duwairi, B., Manimaran, G.: A novel packet marking scheme for IP traceback. In: Proceedings of the Tenth International Conference on Parallel and Distributed Systems (ICPADS), July 7-9, pp. 195–202 (2004)

    Google Scholar 

  14. Gong, C., Sarac, K.: A More Practical Approach for Single-Packet IP Traceback using Packet Logging and Marking. IEEE Trans. on Parallel and Distributed System 19(10), 1310–1324 (2008)

    Article  Google Scholar 

  15. Yu, S., Zhou, W., Doss, R., Jia, W.: Traceback of DDoS Attacks Using Entropy Variations. Transactions on Parallel and Distributed Systems 22(3), 412–425 (2011)

    Article  Google Scholar 

  16. Novak, J., Northcutt, S.: Network Intrusion Detection, 3rd edn. Sams, pp. 8–30 (2002)

    Google Scholar 

  17. Stuttgart Neural Network Simulator, University of Stuttgart (Version 4.1) (1995), http://www.nada.kth.se/~orre/snns-manual/

  18. Pino, M.: A Theoretical & Practical Introduction to Self Organization using JNNS. University of Applied Sciences Brandenburg (September 2005)

    Google Scholar 

  19. Jayalakshmi, T., Santhakumaran, A.: Statistical Normalization and Back Propagation for Classification. International Journal of Computer Theory and Engineering 3(1), 89–93 (2011)

    Article  Google Scholar 

  20. Zhang, Q., Sun, S.: Weighted Data Normalization Based on Eigenvalues for Artificial Neural Network Classification. In: Leung, C.S., Lee, M., Chan, J.H. (eds.) ICONIP 2009, Part I. LNCS, vol. 5863, pp. 349–356. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  21. Wallen, J.: IPTraf (Version 3.0) “Open Source project” (September 2005), http://iptraf.seul.org

  22. Bedón, C., Saied, A.: Snort-AI (Version 2.4.3) “Open Source project” (January 2009), http://snort-ai.sourceforge.net/index.php

  23. Roesch, M.: Snort (Version 2.9) “Open Source Project” (1998), http://www.snort.org

  24. Russell, R.: iptables (Version 1.4.21) “Open Source project” (1998), http://ipset.netfilter.org/iptables.man.html

  25. Leu, F., Pai, C.: Detecting DoS and DDoS Attacks Using Chi-Square. In: Fifth International Conference on Information Assurance and Security (IAS 2009), Xian, August 18-20, pp. 225–258 (2010)

    Google Scholar 

  26. Xu, X., Wei, D., Zhang, Y.: Improved Detection Approach for Distributed Denial of Service Attack Based on SVM. In: 2011 Third Pacific-Asia Conference on Circuits, Communications and Systems (PACCS), Wuhan, July 17-18, pp. 1–3 (2011)

    Google Scholar 

  27. Jie-Hao, C., Feng-Jiao, C., Zhang: DDoS defense system with test and neural network. In: IEEE International Conference on Granular Computing (GrC), Hangzhou, China, August 11-13, pp. 38–43 (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Informatics, King’s College London, Strand, WC2R 2LS, UK

    Alan Saied, Richard E. Overill & Tomasz Radzik

Authors
  1. Alan Saied
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Richard E. Overill
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tomasz Radzik
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Departamento Informática y Automática, Universidad de Salamanca, Plaza de la Merced s/n, 37008, Salamanca, Spain

    Juan M. Corchado

  2. Department of Artificial Intelligence, Technical Univesity of Madrid, Bloque 2, Despacho 2101, Campus Montegancedo, Boadilla del Monte,, Madrid, Spain

    Javier Bajo

  3. AGH University of Science and Technology (AGH), 30-059, Krakow, Poland

    Jaroslaw Kozlak

  4. Poznan University of Technology, ul.Strzelecka 11, 60-965, Poznań, Poland

    Pawel Pawlewski

  5. Departamento de Informática, Universidad Carlos III de Madrid, Avenida de la Universidad Carlos III, 22, Colmenarejo, Madrid, Spain

    Jose M. Molina

  6. IRIT, University of Toulouse, 118 Route de Narbonne, 31062, Toulouse cedex 9, France

    Benoit Gaudou

  7. Departamento de Sistemas Informáticos y Computación, Universidad Politécnica de Valencia, Camino de Vera s/n, 46022, Valencia, Spain

    Vicente Julian

  8. Universität Duisburg-Essen, Schützenbahn 70 (Hochhaus), 45117, Essen, Germany

    Rainer Unland

  9. Laboratório Nacional de Energia e Geologia (LNEG), Est. Paço do Lumiar 22, 1649-038, Lisbon, Portugal

    Fernando Lopes

  10. Maersk Mc-Kinney Moller Institute, University of Southern Denmark, DK-5230, Odense M, Denmark

    Kasper Hallenborg

  11. Dpt. Signal Theory, Telematics and Com-munications, University of Granada, C/ Periodista Daniel Saucedo Aranda, s/n, 18071, Granada, Spain

    Pedro García Teodoro

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Saied, A., Overill, R.E., Radzik, T. (2014). Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks: Proof-of-Concept. In: Corchado, J.M., et al. Highlights of Practical Applications of Heterogeneous Multi-Agent Systems. The PAAMS Collection. PAAMS 2014. Communications in Computer and Information Science, vol 430. Springer, Cham. https://doi.org/10.1007/978-3-319-07767-3_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-07767-3_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07766-6

  • Online ISBN: 978-3-319-07767-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation