Detection of Distributed Denial of Service Attacks Using Statistical Pre-processor and Unsupervised Neural Networks

  • Conference paper
Information Security Practice and Experience (ISPEC 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3439)

Abstract

Although the prevention of Distributed Denial of Service (DDoS) attacks is not possible, detection of such attacks plays a main role in preventing their progress. In flooding attacks, especially new sophisticated DDoS attacks, the attacker floods the network with traffic toward the target computer by sending pseudo-normal packets. Therefore, multi-purpose IDSs do not offer good performance (and accuracy) in detecting such kinds of attacks.

In this paper, a novel method for detecting DDoS attacks is introduced, based on a statistical pre-processor and an unsupervised artificial neural net. In addition, the SPUNNID system has been designed based on the proposed method. The statistical pre-processing is used to extract some statistical features of the traffic that show the behavior of DDoS attacks. The unsupervised neural net is used to analyze and classify them as either a DDoS attack or normal. Moreover, the method has been further investigated using attacked network traffic obtained from a real environment. The experimental results show that SPUNNID detects DDoS attacks accurately and efficiently.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jalili, R., Imani-Mehr, F., Amini, M., Shahriari, H.R. (2005). Detection of Distributed Denial of Service Attacks Using Statistical Pre-processor and Unsupervised Neural Networks. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_17

  • DOI: https://doi.org/10.1007/978-3-540-31979-5_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25584-0

  • Online ISBN: 978-3-540-31979-5

  • eBook Packages: Computer Science, Computer Science (R0)