Abstract
Although Distributed Denial of Service (DDoS) attacks cannot be prevented, detecting them plays a main role in stopping their progress. In flooding attacks, especially new sophisticated DDoS attacks, the attacker floods the target computer with network traffic by sending pseudo-normal packets. Therefore, multi-purpose IDSs do not offer good performance (and accuracy) in detecting such kinds of attacks.
In this paper, a novel method for detecting DDoS attacks is introduced, based on a statistical pre-processor and an unsupervised artificial neural net. In addition, the SPUNNID system has been designed based on the proposed method. The statistical pre-processing is used to extract statistical features of the traffic that show the behavior of DDoS attacks. The unsupervised neural net is used to analyze these features and classify them as either a DDoS attack or normal. Moreover, the method has been further investigated using attacked network traffic provided from a real environment. The experimental results show that SPUNNID detects DDoS attacks accurately and efficiently.
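The two-stage pipeline described in the abstract, as an added example that is not the SPUNNID code: per-window traffic statistics feed an unsupervised clustering step. The features (packet rate, source-IP entropy, SYN share), the vigilance-based clustering, the rule that the most populated cluster is normal, and the sample traffic are all assumptions made for this illustration.

```python
import math
import random
from collections import Counter

def window_features(packets, window=1.0, max_rate=500.0):
    """Statistical pre-processing; the three features are assumptions, not the paper's."""
    buckets = {}
    for ts, src, is_syn in packets:
        buckets.setdefault(int(ts // window), []).append((src, is_syn))
    feats = []
    for _, pkts in sorted(buckets.items()):
        n = len(pkts)
        counts = Counter(src for src, _ in pkts)
        entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
        norm_entropy = entropy / math.log2(n) if n > 1 else 0.0
        syn_share = sum(1 for _, s in pkts if s) / n
        feats.append((min(n / max_rate, 1.0), norm_entropy, syn_share))
    return feats

def cluster(feats, vigilance=0.3, rate=0.2):
    """Unsupervised step: vigilance-based online clustering, a simple stand-in net."""
    protos, labels = [], []
    for f in feats:
        dists = [math.dist(f, p) for p in protos]
        best = min(range(len(protos)), key=dists.__getitem__, default=None)
        if best is None or dists[best] > vigilance:
            protos.append(tuple(f))           # no prototype is close enough: new cluster
            best = len(protos) - 1
        else:                                 # move the winning prototype toward the input
            protos[best] = tuple(p + rate * (x - p) for p, x in zip(protos[best], f))
        labels.append(best)
    return labels

def detect(packets):
    """Label each window; assumption: the most populated cluster is normal traffic."""
    labels = cluster(window_features(packets))
    normal = Counter(labels).most_common(1)[0][0]
    return ["normal" if l == normal else "suspect" for l in labels]

def sample_traffic(seed=7):
    """Constructed sample: 8 s of baseline, then 2 s of a SYN flood from random sources."""
    rng = random.Random(seed)
    pkts = []
    for sec in range(10):
        flood = sec >= 8
        for _ in range(400 if flood else 50):
            src = f"198.51.100.{rng.randrange(1, 255)}" if flood else f"192.0.2.{rng.randrange(1, 11)}"
            pkts.append((sec + rng.random(), src, flood or rng.random() < 0.1))
    return pkts
```

Calling `detect(sample_traffic())` returns one label per one-second window.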
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jalili, R., Imani-Mehr, F., Amini, M., Shahriari, H.R. (2005). Detection of Distributed Denial of Service Attacks Using Statistical Pre-processor and Unsupervised Neural Networks. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_17
DOI: https://doi.org/10.1007/978-3-540-31979-5_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25584-0
Online ISBN: 978-3-540-31979-5
eBook Packages: Computer Science, Computer Science (R0)