Detection of denial of service using a cascaded multi-classifier

A. Dhingra, M. Sachdeva

Int. J. Comput. Sci. Eng., published 2021-08-12. DOI: 10.1504/ijcse.2021.10039984 (https://doi.org/10.1504/ijcse.2021.10039984)

Citations: 0

Abstract

The paper proposes a cascaded multi-classifier two-phase intrusion detection (TP-ID) approach that can be trained to monitor incoming traffic for any suspicious data. It addresses the issue of efficient detection of intrusion in traffic and further classifies the suspicious traffic as a DDoS attack or flash event. Features portraying the behaviour of normal, DDoS attack, and flash event are extracted from historical data obtained after merging CAIDA'07, SlowDoS2016, CIC-IDS-2017, and WorldCup 1998 benchmark datasets available online along with the commercial dataset for e-shopping assistant website. Information gain is applied to rank and select the most relevant features. TP-ID applies supervised learning algorithms in the two phases. Each phase tests the set of classifiers, the best of which is chosen for building a model. The performance of the system is evaluated using the detection rate, false-positive rate, mean absolute percentage error, and classification rate. The proposed approach classifies the traffic anomalies with a 99% detection rate, 0.43% FPR, and 99.51% classification rate.