Abstract
A DDoS attack saturates a network by overwhelming its resources with an immense volume of traffic, preventing legitimate users from accessing those resources. When Intrusion Detection Systems are used, a huge number of alerts is generated, consisting of both False Positives and True Positives. Because of the huge volume of attack traffic, more False Positives than True Positives may occur, which makes it difficult for the network analyst to identify the actual attack and take remedial action. This paper focuses on the development of an alert classification system that classifies False Positives and True Positives related to DDoS attacks. It consists of five phases: Attack Generation, Alert Collection, Alert Fusion, Alert Generalization and Alert Classification. In Attack Generation, DDoS attacks are generated in an experimental testbed. In Alert Collection, the Snort IDS is used to generate alerts for the traffic generated in the testbed, and the alerts are collected. In Alert Fusion, repeated alerts are fused together to form meta alerts. In Alert Generalization, the alerts indicating traffic towards the servers are taken for further analysis. In Alert Classification, a fuzzy inference system classifies the alerts as True Positives and False Positives. This reduces the workload of the network analyst by eliminating the false positives. The system is tested using an experimental testbed.
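The fusion, generalization and fuzzy classification phases described above, as an added illustration that is not the paper's own code: the Snort-style alert tuples, the protected-server list and the fuzzy membership ramps and rules are all constructed assumptions.

```python
from collections import defaultdict

# Constructed Snort-style alerts: (signature, src_ip, dst_ip, dst_port).
# 40 distinct sources plus one repeat hit the web server; a stray
# probe and a non-server host are included to exercise the filters.
ALERTS = [("SYN flood", "10.0.0.%d" % i, "192.168.1.10", 80) for i in range(1, 41)]
ALERTS += [
    ("SYN flood", "10.0.0.5", "192.168.1.10", 80),   # repeated alert, same source
    ("ICMP ping", "10.0.0.7", "192.168.1.10", 0),
    ("ICMP ping", "10.0.0.7", "192.168.1.10", 0),
    ("SYN flood", "10.0.0.9", "192.168.1.77", 22),   # not a protected server
]
SERVERS = {"192.168.1.10"}  # assumed list of servers the analyst protects

def fuse(alerts):
    """Alert Fusion: collapse repeated (signature, dst, port) alerts into meta alerts."""
    meta = defaultdict(lambda: {"count": 0, "sources": set()})
    for sig, src, dst, port in alerts:
        meta[(sig, dst, port)]["count"] += 1
        meta[(sig, dst, port)]["sources"].add(src)
    return dict(meta)

def generalize(meta, servers):
    """Alert Generalization: keep only meta alerts whose destination is a server."""
    return {k: v for k, v in meta.items() if k[1] in servers}

def ramp(x, lo, hi):
    """Membership in a 'high' fuzzy set: 0 below lo, 1 above hi, linear between."""
    return min(1.0, max(0.0, (x - lo) / float(hi - lo)))

def classify(meta_alert):
    """Alert Classification with assumed fuzzy rules:
    count HIGH and sources MANY -> True Positive; otherwise False Positive."""
    high_count = ramp(meta_alert["count"], 5, 40)       # assumed thresholds
    many_src = ramp(len(meta_alert["sources"]), 3, 30)  # assumed thresholds
    tp_degree = min(high_count, many_src)   # fuzzy AND (Mamdani min)
    fp_degree = 1.0 - tp_degree             # complement rule
    return ("TP" if tp_degree > fp_degree else "FP"), round(tp_degree, 2)

def run(alerts=ALERTS, servers=SERVERS):
    """Full pipeline: fuse -> generalize -> classify; returns {meta_key: (label, degree)}."""
    return {k: classify(v) for k, v in generalize(fuse(alerts), servers).items()}

if __name__ == "__main__":
    for key, verdict in run().items():
        print(key, verdict)
```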
© 2010 Springer-Verlag Berlin Heidelberg
Subbulakshmi, T., Mercy Shalinie, S., Suneel Reddy, C., Ramamoorthi, A. (2010). Detection and Classification of DDoS Attacks Using Fuzzy Inference System. In: Meghanathan, N., Boumerdassi, S., Chaki, N., Nagamalai, D. (eds) Recent Trends in Network Security and Applications. CNSA 2010. Communications in Computer and Information Science, vol 89. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14478-3_25
DOI: https://doi.org/10.1007/978-3-642-14478-3_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14477-6
Online ISBN: 978-3-642-14478-3