Intelligent Anomaly Detection Techniques for Denial of Service Attacks

V. C. Gungor, Z. Aydın, Ramazan Karademir
DOI: 10.17706/IJCCE.2018.7.2.20-31 (https://doi.org/10.17706/IJCCE.2018.7.2.20-31)
Journal: World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering, pages 20-31
Publication date: 2018-01-01
Publication type: Journal Article
Citation count: 1

Abstract

To construct and evaluate intrusion detection systems, researchers are limited to only a few available public datasets unless they prepare their own. Although the most prevalent dataset, KDDCUP’99, provides a basis for comparative analysis among researchers, the community needs a new dataset that reflects new attack types in current high-speed networks. The aim of this study is to prepare a new alternative dataset for the community for the detection of denial of service attacks and to conduct a performance analysis of different data mining methods on this dataset. To develop the dataset, distributed DoS attacks were generated against a commercial website in a real network environment, which has a million users from all over the world. In addition, a richer attack dataset was produced in a laboratory environment with the help of Labris Networks. After the data were captured, significant network features were identified, processed and labeled with the related attack types. Furthermore, the performance of different data mining techniques on our dataset was evaluated, including binary classification, multi-class classification, outlier detection, feature selection methods and hybrid approaches, using the following algorithms: K-Means clustering, Naïve Bayes, Decision Tree, Multilayer Perceptron, LibSVM, Random Forest and Random Tree.