ABSTRACT
In this paper, a Denial-of-Service (DoS) attack detection system is explored, where a multivariate correlation analysis technique based on Euclidean distance is applied for network traffic characterization and the principle of anomaly-based detection is employed in attack recognition. The effectiveness of the detection system is evaluated on the KDD Cup 99 dataset, and the influence of data normalization on the performance of attack detection is also analyzed. The evaluation results and comparisons prove that the detection system is effective in distinguishing DoS attack network traffic from legitimate network traffic and outperforms two state-of-the-art systems.
Index Terms
- Evaluation on multivariate correlation analysis based denial-of-service attack detection system