research-article

Evaluation on multivariate correlation analysis based denial-of-service attack detection system

Authors:
Zhiyuan Tan

University of Technology, Sydney, Australia and CSIRO, ICT Centre, Australia

University of Technology, Sydney, Australia and CSIRO, ICT Centre, Australia
View Profile

,
Aruna Jamdagni

University of Technology, Sydney, Australia

University of Technology, Sydney, Australia
View Profile

,
Priyadarsi Nanda

University of Technology, Sydney, Australia

University of Technology, Sydney, Australia
View Profile

,
Xiangjian He

University of Technology, Sydney, Australia

University of Technology, Sydney, Australia
View Profile

,
Ren Ping Liu

CSIRO, ICT Centre, Australia

CSIRO, ICT Centre, Australia
View Profile

SecurIT '12: Proceedings of the First International Conference on Security of Internet of ThingsAugust 2012Pages 160–164https://doi.org/10.1145/2490428.2490450

Published:17 August 2012Publication History

SecurIT '12: Proceedings of the First International Conference on Security of Internet of Things

Pages 160–164

ABSTRACT

In this paper, a Denial-of-Service (DoS) attack detection system is explored, where a multivariate correlation analysis technique based on Euclidean distance is applied for network traffic characterization and the principal of anomaly-based detection is employed in attack recognition. The effectiveness of the detection system is evaluated on the KDD Cup 99 dataset and the influence of data normalization on the performance of attack detection is analyzed in this paper as well. The evaluation results and comparisons prove that the detection system is effective in distinguishing DoS attack network traffic from legitimate network traffic and outperforms two state-of-the-art systems.

References

C. Manikopoulos and S. Papavassiliou, "Network Intrusion and Fault Detection: A Statistical Anomaly Approach," Communications Magazine, IEEE, vol. 40, pp. 76--82, 2002. Google ScholarDigital Library
M. Fugate and J. R. Gattiker, "Computer Intrusion Detection with Classification and Anomaly Detection Using SVMs," International Journal of Pattern Recognition and Artificial Intelligence, vol. 17, pp. 441--458, 2003.Google ScholarCross Ref
M. Thottan and C. Ji, "Anomaly Detection in IP Networks," Signal Processing, IEEE Transactions on, vol. 51, pp. 2191--2204, 2003. Google ScholarDigital Library
H. Wang, et al., "Change-point Monitoring for the Detection of DoS Attacks," IEEE Transactions on Dependable and Secure Computing, pp. 193--208, 2004. Google ScholarDigital Library
S. T. Sarasamma, et al., "Hierarchical Kohonenen Net for Anomaly Detection in Network Security," Systems, Man, and Cybernetics, Part B: Cybernetics, IEEE Transactions on, vol. 35, pp. 302--312, 2005. Google ScholarDigital Library
S. Jin, et al., "Network Intrusion Detection in Covariance Feature Space," Pattern Recognition, vol. 40, pp. 2185--2197, 2007. Google ScholarDigital Library
M. Tavallaee, et al., "A novel covariance matrix based approach for detecting network anomalies," presented at The Communication Networks and Services Research Conference, 2008. Google ScholarDigital Library
C. F. Tsai and C. Y. Lin, "A Triangle Area Based Nearest Neighbors Approach to Intrusion Detection," Pattern Recognition, vol. 43, pp. 222--229, 2010. Google ScholarDigital Library
A. Jamdagni, et al., "Intrusion Detection Using GSAD Model for HTTP Traffic on Web Services," presented at the 6^th International Wireless Communications and Mobile Computing Conference 2010. Google ScholarDigital Library
Z. Tan, et al., "A Two-tier System for Web Attack Detection Using Linear Discriminant Method," The 12th International Conference on Information and Communications Security, pp 459--471, 2010. Google ScholarDigital Library
Z. Tan, et al., "Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis," presented at the Neural Information Processing, 2011.Google Scholar
J. Cheng, et al., "KDD Cup 2001 report," ACM SIGKDD Explorations Newsletter}, vol. 3, pp. 47--64, 2002. Google ScholarDigital Library
W. Wang, et al., "Attribute Normalization in Network Intrusion Detection," presented at the 10th International Symposium on Pervasive Systems, Algorithms, and Networks 2009. Google ScholarDigital Library

Index Terms

Evaluation on multivariate correlation analysis based denial-of-service attack detection system
1. Security and privacy
  1. Network security

Recommendations

Denial of Service Attack Detection using Multivariate Correlation Analysis
ICTCS '16: Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies

Denial of Service (DoS)/ DDoS attack is a common and severe problem for network security researchers and practitioners. Attackers often generate attack traffic that behaves similar to normal network traffic using sophisticated attacking tools. Many ...
Read More
A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis

Interconnected systems, such as Web servers, database servers, cloud computing servers and so on, are now under threads from network attackers. As one of most common and aggressive means, denial-of-service (DoS) attacks cause serious impact on these ...
Read More
Triangle-Area-Based Multivariate Correlation Analysis for Effective Denial-of-Service Attack Detection
TRUSTCOM '12: Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications

Cloud computing plays an important role in current converged networks. It brings convenience of accessing services and information to users regardless of location and time. However, there are some critical security issues residing in cloud computing, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SecurIT '12: Proceedings of the First International Conference on Security of Internet of Things
August 2012
266 pages
ISBN:9781450318228
DOI:10.1145/2490428
General Chairs:
R. Chandrasekhar
Govt. of India
,
Andrew Tanenbaum
Vrije University, Netherlands
,
P. Venkat Rangan
Amrita University, India
Copyright © 2012 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 17 August 2012
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Euclidean distance
denial-of-service attack
multivariate correlations
network traffic characterization
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 146
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Evaluation on multivariate correlation analysis based denial-of-service attack detection system

SecurIT '12: Proceedings of the First International Conference on Security of Internet of Things

ABSTRACT

References

Cited By

Index Terms

Recommendations

Denial of Service Attack Detection using Multivariate Correlation Analysis

A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis

Triangle-Area-Based Multivariate Correlation Analysis for Effective Denial-of-Service Attack Detection