Shapelets-Based Intrusion Detection for Protection Traffic Flooding Attacks

  • Conference paper
Database Systems for Advanced Applications (DASFAA 2018)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10829)

Abstract

Intrusion detection for network traffic is a technique for detecting abnormal traffic flow patterns in periodic network packets. Traffic flooding attacks can be detected by abnormal intrusion detection techniques that detect well-known attack patterns. In this paper, we propose an intrusion detection method that classifies normal and abnormal traffic packet patterns by converting traffic into time series data and analyzing it, and we apply the information gain technique to reduce learning execution time. That is, normal and abnormal packet patterns are classified by applying the shapelets technique to the time-series patterns of normal and abnormal traffic. The experimental results show that the proposed method classifies normal patterns and traffic flooding attacks with 95% accuracy.
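The idea in the abstract, as an added example that is not the paper's code: a generic brute-force shapelet search that scores each candidate subsequence by the information gain of its best distance threshold, run on constructed packets-per-interval series. The traffic values, the shapelet length of 4, the use of raw (non-normalized) Euclidean distance and all function names are assumptions made for illustration.

```python
import math

def min_dist(series, shapelet):
    """Smallest Euclidean distance from the shapelet to any same-length window."""
    m = len(shapelet)
    return min(math.dist(series[i:i + m], shapelet)
               for i in range(len(series) - m + 1))

def entropy(labels):
    n = len(labels)
    return -sum(labels.count(c) / n * math.log2(labels.count(c) / n)
                for c in set(labels))

def best_split(dists, labels):
    """Best (gain, threshold, near-side label) over midpoints of sorted distances."""
    base, order, best = entropy(labels), sorted(set(dists)), (0.0, None, None)
    for lo, hi in zip(order, order[1:]):
        thr = (lo + hi) / 2
        near = [l for d, l in zip(dists, labels) if d <= thr]
        far = [l for d, l in zip(dists, labels) if d > thr]
        gain = base - (len(near) * entropy(near) + len(far) * entropy(far)) / len(labels)
        if gain > best[0]:
            best = (gain, thr, max(set(near), key=near.count))
    return best

def find_shapelet(train, labels, length):
    """Try every window of every training series; keep the highest-gain one."""
    best = (0.0, None, None, None)
    for series in train:
        for i in range(len(series) - length + 1):
            cand = series[i:i + length]
            gain, thr, near = best_split([min_dist(s, cand) for s in train], labels)
            if gain > best[0]:
                best = (gain, cand, thr, near)
    return best

def classify(series, shapelet, thr, near, far):
    return near if min_dist(series, shapelet) <= thr else far

# Constructed sample data: packets per interval. Normal traffic is periodic;
# flood traffic is the same baseline with a short high-rate burst.
TRAIN = [
    [10, 12, 11, 13] * 4, [12, 11, 13, 10] * 4, [11, 13, 10, 12] * 4,
    [10, 12, 11, 13, 10, 12, 11, 13, 40, 85, 90, 88, 10, 12, 11, 13],
    [12, 11, 13, 10, 12, 11, 13, 10, 12, 42, 86, 91, 89, 11, 13, 10],
    [11, 13, 10, 38, 84, 89, 90, 12, 11, 13, 10, 12, 11, 13, 10, 12],
]
LABELS = ["normal"] * 3 + ["flood"] * 3

if __name__ == "__main__":
    gain, shapelet, thr, near = find_shapelet(TRAIN, LABELS, 4)
    print(f"shapelet={shapelet} gain={gain:.2f} threshold={thr:.2f} near={near}")
```

Windows drawn from the periodic baseline occur in every series, so they score zero gain; only a window that overlaps the burst separates the two classes.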


Acknowledgment

This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning (2015R1C1A1A02037688).

Author information

Corresponding author

Correspondence to Sungju Lee.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Kim, Y., Sa, J., Kim, S., Lee, S. (2018). Shapelets-Based Intrusion Detection for Protection Traffic Flooding Attacks. In: Liu, C., Zou, L., Li, J. (eds) Database Systems for Advanced Applications. DASFAA 2018. Lecture Notes in Computer Science, vol 10829. Springer, Cham. https://doi.org/10.1007/978-3-319-91455-8_20

  • DOI: https://doi.org/10.1007/978-3-319-91455-8_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-91454-1

  • Online ISBN: 978-3-319-91455-8

  • eBook Packages: Computer Science, Computer Science (R0)
