DoS attacks prevention using IDS and data mining

Denial of Service (DoS) attacks pose a serious threat to businesses. They are hard to defend against because an attacker can strike in many different ways. Some DoS attacks target a specific application; all of them aim to exhaust a service's resources so that it becomes unavailable to legitimate users. Because attacker behaviour is unpredictable, it is difficult to distinguish legitimate from malicious network traffic, and as defences improve, attacks evolve with them: new, previously unseen attacks keep appearing, and they are not easy to detect from information about pre-existing attacks alone. DoS attacks typically target websites or services such as card-payment gateways, banks, and even domain name servers. In this paper, we discuss DoS attacks and briefly review the different prevention schemes. We then discuss DoS prevention using firewalls and intrusion detection systems (IDS), and different approaches to IDS based on data mining techniques. We use the NSL-KDD dataset, a refined version of the KDD Cup '99 dataset, for applying and testing the data mining algorithms.
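The data mining approach the abstract describes, as an added, self-contained illustration that is not code from the paper: a two-class (DoS versus normal) Gaussian naive Bayes detector trained on NSL-KDD-style connection records using only the Python standard library. The rows below are constructed to follow the NSL-KDD column layout (41 features, label, difficulty) and are not rows copied from the dataset; the column positions, the feature subset, the set of labels treated as DoS, the smoothing constant and the function names are this example's own assumptions, not the paper's.

```python
"""Toy DoS-vs-normal classifier over NSL-KDD-style rows (stdlib only).

Added illustration. TRAIN_CSV / TEST_CSV are constructed to mimic the
NSL-KDD column layout; they are not real dataset rows.
"""
import csv
import io
import math
from collections import defaultdict

# Column positions used here (assumption: standard NSL-KDD / KDD'99 layout).
FEATURE_COLS = {
    "duration": 0, "src_bytes": 4, "dst_bytes": 5, "count": 22,
    "srv_count": 23, "serror_rate": 24, "same_srv_rate": 28,
    "dst_host_count": 31,
}
LABEL_COL = 41
# Labels this toy treats as the DoS class (assumed subset of KDD attack names).
DOS_LABELS = {"neptune", "smurf", "back", "teardrop", "pod", "land"}
VAR_SMOOTHING = 1e-3  # keeps a constant feature from yielding zero variance

# Constructed training rows: 4 normal, 4 DoS, 1 probe (skipped as out of scope).
TRAIN_CSV = """\
0,tcp,http,SF,215,45076,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,2,0.00,0.00,0.00,0.00,1.00,0.00,0.00,30,30,1.00,0.00,0.03,0.04,0.00,0.00,0.00,0.00,normal,21
5,tcp,smtp,SF,300,1200,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,3,3,0.00,0.00,0.00,0.00,1.00,0.00,0.00,40,40,1.00,0.00,0.02,0.02,0.00,0.00,0.00,0.00,normal,20
0,tcp,http,SF,180,5450,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0.00,0.00,0.00,0.00,1.00,0.00,0.00,25,25,1.00,0.00,0.04,0.04,0.00,0.00,0.00,0.00,normal,21
12,tcp,ftp_data,SF,520,8800,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,4,0.00,0.00,0.00,0.00,1.00,0.00,0.00,35,35,1.00,0.00,0.03,0.03,0.00,0.00,0.00,0.00,normal,19
0,tcp,private,S0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,123,6,1.00,1.00,0.00,0.00,0.05,0.07,0.00,255,26,0.10,0.05,0.00,0.00,1.00,1.00,0.00,0.00,neptune,19
0,tcp,private,S0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,200,10,1.00,1.00,0.00,0.00,0.05,0.06,0.00,255,20,0.08,0.06,0.00,0.00,1.00,1.00,0.00,0.00,neptune,18
0,icmp,ecr_i,SF,1032,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,511,511,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,255,1.00,0.00,1.00,0.00,0.00,0.00,0.00,0.00,smurf,15
0,icmp,ecr_i,SF,520,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,480,480,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,255,1.00,0.00,1.00,0.00,0.00,0.00,0.00,0.00,smurf,16
0,tcp,private,REJ,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0.00,0.00,1.00,1.00,1.00,0.00,0.00,255,1,0.00,0.06,0.00,0.00,0.00,0.00,1.00,1.00,portsweep,17
"""

# Constructed held-out rows: one normal HTTP connection, one SYN-flood record.
TEST_CSV = """\
2,tcp,http,SF,240,3000,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,2,2,0.00,0.00,0.00,0.00,1.00,0.00,0.00,28,28,1.00,0.00,0.03,0.03,0.00,0.00,0.00,0.00,normal,21
0,tcp,private,S0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,150,8,1.00,1.00,0.00,0.00,0.06,0.07,0.00,255,24,0.09,0.05,0.00,0.00,1.00,1.00,0.00,0.00,neptune,19
"""


def parse_records(text):
    """Return [(feature_vector, cls)] for normal and DoS rows only.

    Probe/R2L/U2R rows are skipped: this detector is two-class.
    """
    out = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) <= LABEL_COL:
            continue  # blank or truncated line
        label = row[LABEL_COL].strip()
        if label == "normal":
            cls = "normal"
        elif label in DOS_LABELS:
            cls = "dos"
        else:
            continue
        out.append(([float(row[i]) for i in FEATURE_COLS.values()], cls))
    return out


class GaussianNB:
    """Gaussian naive Bayes: per-class mean/variance per feature, log-space scoring."""

    def fit(self, X, y):
        by_cls = defaultdict(list)
        for x, c in zip(X, y):
            by_cls[c].append(x)
        self.prior, self.mean, self.var = {}, {}, {}
        for c, rows in by_cls.items():
            self.prior[c] = len(rows) / len(X)
            dims = list(zip(*rows))  # one tuple per feature
            self.mean[c] = [sum(d) / len(d) for d in dims]
            self.var[c] = [sum((v - m) ** 2 for v in d) / len(d) + VAR_SMOOTHING
                           for d, m in zip(dims, self.mean[c])]
        return self

    def log_likelihood(self, x, c):
        ll = math.log(self.prior[c])
        for v, m, s2 in zip(x, self.mean[c], self.var[c]):
            ll += -0.5 * math.log(2 * math.pi * s2) - (v - m) ** 2 / (2 * s2)
        return ll

    def predict(self, x):
        return max(self.prior, key=lambda c: self.log_likelihood(x, c))


def train_and_predict(train_csv, test_csv):
    """Fit on train_csv, return [(predicted, actual)] for test_csv rows."""
    train = parse_records(train_csv)
    model = GaussianNB().fit([x for x, _ in train], [c for _, c in train])
    return [(model.predict(x), c) for x, c in parse_records(test_csv)]


def accuracy(pairs):
    return sum(p == t for p, t in pairs) / len(pairs)


if __name__ == "__main__":
    pairs = train_and_predict(TRAIN_CSV, TEST_CSV)
    for predicted, actual in pairs:
        print(f"predicted={predicted} actual={actual}")
    print("accuracy", accuracy(pairs))
```

The SYN-flood record is separated from normal traffic mainly by the time-window features (count, serror_rate, same_srv_rate, dst_host_count), which is what a data mining IDS exploits; the caveat a practitioner should take from this toy is that a model fitted on a handful of constructed rows, or on any dataset whose attack mix differs from production traffic, says nothing about its false-positive rate on real links, and the "new, previously unseen attack" case the abstract raises is exactly where a classifier trained on labelled historical records can fail.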
