A Data Mining Approach for the Detection of Denial of Service Attack

Denial of Service (DoS) attacks constitute one of the major threats and are among the hardest security problems currently facing computer networks, particularly the Internet. A DoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. Because of the seriousness of the problem, many defense mechanisms have been proposed to fight these attacks. In this paper, we propose an approach that detects DoS attacks using data mining classification techniques. The approach is based on classifying “normal” traffic against “abnormal” traffic in the sense of DoS attacks. The paper investigates and evaluates the performance of the J48 decision tree algorithm for the detection of DoS attacks and compares it with two rule-based algorithms, namely OneR and Decision table. The selected algorithms were tested with the benchmark 1998 DARPA Intrusion Detection data. Our research results show that both Decision tree and rule-based classifiers deliver highly accurate results – greater than 99% accuracy – and exhibit a high level of overall performance.

DOI: http://dx.doi.org/10.11591/ij-ai.v2i2.1937
