Abstract
A Distributed Denial of Service (DDoS) attack is designed to overload a target device and its networks with packets to damage its resources or services. This paper proposes an Artificial Neural Network (ANN) detection engine to distinguish known and unknown attacks from genuine traffic. Based on experiments and data analysis, specific patterns are selected to separate genuine from DDoS packets, thus allowing normal traffic to reach its destination. The mitigation process is triggered when the detection system identifies attacks based on the known characteristic features (patterns) that were fed to the ANN during the training process. Such characteristic patterns separate attacks from normal traffic. We have evaluated our solution against related work based on accuracy, sensitivity, specificity and precision.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Saied, A., Overill, R.E., Radzik, T. (2014). Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks: Proof-of-Concept. In: Corchado, J.M., et al. Highlights of Practical Applications of Heterogeneous Multi-Agent Systems. The PAAMS Collection. PAAMS 2014. Communications in Computer and Information Science, vol 430. Springer, Cham. https://doi.org/10.1007/978-3-319-07767-3_28
DOI: https://doi.org/10.1007/978-3-319-07767-3_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07766-6
Online ISBN: 978-3-319-07767-3
eBook Packages: Computer Science (R0)