Compiling network traffic into rules using soft computing methods for the detection of flooding attacks

The ability to dynamically collect and analyze network traffic and to accurately report the current network status is critical in the face of large-scale intrusions, and enables networks to continue functioning despite traffic fluctuations. The paper presents a network traffic model that represents a specific network pattern, and a methodology that compiles the network traffic into a set of rules using soft computing methods. This methodology, based upon the network traffic model, can be used to detect large-scale flooding attacks, for example, a distributed denial-of-service (DDoS) attack. We report experimental results that demonstrate the distinctive and predictive patterns of flooding attacks in simulated network settings, and show the potential of soft computing methods for the successful detection of large-scale flooding attacks.
