An in-depth analysis on traffic flooding attacks detection and system using data mining techniques

Recently, as network traffic flooding attacks such as DoS and DDoS have posed devastating threats to network services, rapid detection and semantic analysis have become major concerns for secure and reliable network services. In addition, the safety and comfort of vehicles, and the communication technologies that provide services to them, have recently become an issue. We propose a traffic flooding attack detection and in-depth analysis system that uses data mining techniques. In this paper we (1) designed and implemented a system that detects traffic flooding attacks and then classifies them by attack type, using SNMP MIB information and the C4.5 algorithm; (2) conducted a semantic interpretation that extracts and analyzes the rules of the execution mechanism that C4.5 additionally provides; (3) performed an in-depth analysis, using association rule mining, of the attack patterns and the useful knowledge inherent in the data for each attack type. The classification by attack and attack type based on C4.5 and association rules, the automatic rule extraction, and the semantic in-depth interpretation proposed in this paper offer a positive possibility to add momentum towards the development of new methodologies for intrusion detection systems, and to support the establishment of policies for intrusion detection and response systems.
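As an added illustration of the C4.5-based classification and rule-extraction steps described above (example code written for this page, not the paper's system), the following Python induces a small gain-ratio decision tree over constructed per-interval deltas of three MIB-II counters, classifies new samples, and flattens the tree into IF ... THEN rules of the kind the paper interprets semantically; the counter names, sample values and attack labels are assumptions.

```python
import math
from collections import Counter

FEATURES = ("icmpInEchos", "tcpInSegs", "udpInDatagrams")  # MIB-II counter deltas per interval
SAMPLES = [  # constructed training data: (per-second deltas in FEATURES order, label)
    ((5, 800, 300), "normal"), ((9, 1200, 450), "normal"), ((3, 600, 200), "normal"),
    ((9000, 700, 250), "icmp_flood"), ((12000, 900, 300), "icmp_flood"),
    ((6, 50000, 280), "syn_flood"), ((4, 70000, 310), "syn_flood"),
    ((7, 850, 40000), "udp_flood"), ((5, 1000, 65000), "udp_flood")]

def entropy(rows):
    n = len(rows)  # Shannon entropy of the labels; each row is (features, label)
    return -sum(c / n * math.log2(c / n) for c in Counter(l for _, l in rows).values())

def best_split(rows):
    """C4.5 numeric split: test midpoints between adjacent distinct values, keep best gain ratio."""
    base, best = entropy(rows), (0.0, None, None)
    for attr in range(len(FEATURES)):
        vals = sorted({x[attr] for x, _ in rows})
        for lo, hi in zip(vals, vals[1:]):
            t = (lo + hi) / 2
            left = [r for r in rows if r[0][attr] <= t]
            right = [r for r in rows if r[0][attr] > t]
            gain = base - sum(len(s) / len(rows) * entropy(s) for s in (left, right))
            ratio = gain / entropy([(x, x[attr] <= t) for x, _ in rows])  # gain / split info
            if ratio > best[0]:
                best = (ratio, attr, t)
    return best

def build_tree(rows):
    """Leaves are labels; internal nodes are (attr, threshold, left_subtree, right_subtree)."""
    labels = Counter(l for _, l in rows)
    _, attr, t = (0.0, None, None) if len(labels) == 1 else best_split(rows)
    if attr is None:  # pure node, or no informative split left: majority label
        return labels.most_common(1)[0][0]
    return (attr, t, build_tree([r for r in rows if r[0][attr] <= t]),
            build_tree([r for r in rows if r[0][attr] > t]))

def classify(tree, x):
    while isinstance(tree, tuple):
        tree = tree[2] if x[tree[0]] <= tree[1] else tree[3]
    return tree

def extract_rules(tree, conds=()):
    """Flatten the tree into (condition, label) rules for the semantic interpretation step."""
    if not isinstance(tree, tuple):
        return [(" AND ".join(conds) or "TRUE", tree)]
    attr, t, left, right = tree
    return (extract_rules(left, conds + (f"{FEATURES[attr]} <= {t:g}",))
            + extract_rules(right, conds + (f"{FEATURES[attr]} > {t:g}",)))
```

Each flood type is separated by a single threshold on the counter it inflates, so every extracted rule names the counter and the midpoint threshold C4.5 chose for it.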
