论文信息 - Detection and Classification of DDoS Attacks Using Fuzzy Inference System

Detection and Classification of DDoS Attacks Using Fuzzy Inference System

A DDoS attack saturates a network by overwhelming the network resources with an immense volume of traffic that prevent the normal users from accessing the network resources. When Intrusion Detection Systems are used, a huge number of alerts will be generated and these alerts consist of both False Positives and True Positives. Due to huge volume of attack traffic, there is a possibility of occurring more False Positives than True Positives which is difficult for the network analyst to classify the original attack and take remedial action. This paper focuses on development of alert classification system to classify False Positives and True Positives related to DDoS attacks. It consists of five phases : Attack Generation, Alert Collection, Alert Fusion, Alert Generalization and Alert classification. In Attack Generation, DDoS attacks are generated in experimental testbed. In Alert Collection, snort IDS will be used to generate alerts for the generated traffic in testbed and alerts are collected. In Alert Fusion, the repeated alerts will be fused together to form meta alerts. In Alerts Generalization, the alerts indicating traffic towards the servers will be taken for further analysis. In Alert Classification, using fuzzy inference system the alerts will be classified as True Positives and False Positives. This reduces the difficulty of the network analyst by eliminating the false positives. This system is tested using an experimental testbed.

[1] William W. Cohen. Fast Effective Rule Induction , 1995, ICML.

[2] Tadeusz Pietraszek,et al. Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection , 2004, RAID.

[3] Christopher Krügel,et al. Using Alert Verification to Identify Successful Intrusion Attempts , 2004, Prax. Inf.verarb. Kommun..

[4] Jonatan Gómez,et al. Evolving Fuzzy Classifiers for Intrusion Detection , 2002 .

[5] Salvatore J. Stolfo,et al. A framework for constructing features and models for intrusion detection systems , 2000, TSEC.

[6] Tadeusz Pietraszek,et al. Data mining and machine learning - Towards reducing false positives in intrusion detection , 2005, Inf. Secur. Tech. Rep..

[7] Vasant Honavar,et al. Automated discovery of concise predictive rules for intrusion detection , 2002, J. Syst. Softw..

[8] Hervé Debar,et al. Aggregation and Correlation of Intrusion-Detection Alerts , 2001, Recent Advances in Intrusion Detection.

[9] Thomas A. Longstaff,et al. A common language for computer security incidents , 1998 .

[10] R. Monsefi,et al. Network intrusion detection based on neuro-fuzzy classification , 2006, 2006 International Conference on Computing & Informatics.