Real-time detection of distributed denial-of-service attacks using RBF networks and statistical features

In this paper we present and evaluate a Radial-basis-function neural network detector for Distributed-Denial-of-Service (DDoS) attacks in public networks based on statistical features estimated in short-time window analysis of the incoming data packets. A small number of statistical descriptors were used to describe the DDoS attacks behaviour, and an accurate classification is achieved using the Radial-basis-function neural networks (RBF-NN). The proposed method is evaluated in a simulated public network and showed detection rate better than 98% of DDoS attacks using only three statistical features estimated from one window of data packets of 6 s length. The same type of experiments were carried out on a real network giving significantly better results: a 100% DDoS detection rate is achieved followed by a 0% of false alarm rate using different statistical descriptors and training conditions for the RBF-NN.

[1]  Roger M. Needham,et al.  Denial of service , 1993, CCS '93.

[2]  B. Ravichandran,et al.  Statistical traffic modeling for network intrusion detection , 2000, Proceedings 8th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (Cat. No.PR00728).

[3]  Thomas Henry Ptacek,et al.  Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection , 1998 .

[4]  Antonio Lioy,et al.  Security issues in control, management and routing protocols , 2000, Comput. Networks.

[5]  Robert Graham NIDS Pattern Search vs. Protocol Decode , 2001, Comput. Secur..

[6]  Y. W. Chen Study on the prevention of SYN flooding by using traffic policing , 2000, NOMS 2000. 2000 IEEE/IFIP Network Operations and Management Symposium 'The Networked Planet: Management Beyond 2000' (Cat. No.00CB37074).

[7]  Robert K. Cunningham,et al.  Improving Intrusion Detection Performance using Keyword Selection and Neural Networks , 2000, Recent Advances in Intrusion Detection.

[8]  S. Hyakin,et al.  Neural Networks: A Comprehensive Foundation , 1994 .

[9]  Boleslaw K. Szymanski,et al.  NETWORK-BASED INTRUSION DETECTION USING NEURAL NETWORKS , 2002 .

[10]  Hervé Debar,et al.  A neural network component for an intrusion detection system , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[11]  Matt Bishop Trends in academic research: vulnerabilities analysis and intrusion detection , 2002, Comput. Secur..

[12]  Peter Mell,et al.  A denial-of-service resistant intrusion detection architecture , 2000, Comput. Networks.

[13]  Markus G. Kuhn,et al.  Analysis of a denial of service attack on TCP , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[14]  V. Rao Vemuri,et al.  Use of K-Nearest Neighbor classifier for intrusion detection , 2002, Comput. Secur..

[15]  Winn Schwartau Surviving denial of service , 1999, Comput. Secur..

[16]  Aikaterini Mitrokotsa,et al.  DDoS attacks and defense mechanisms: classification and state-of-the-art , 2004, Comput. Networks.

[17]  Sven Dietrich,et al.  Analyzing Distributed Denial of Service Tools: The Shaft Case , 2000, LISA.

[18]  A.M. Cansian,et al.  Neural networks applied in intrusion detection systems , 1998, 1998 IEEE International Joint Conference on Neural Networks Proceedings. IEEE World Congress on Computational Intelligence (Cat. No.98CH36227).

[19]  Stuart Harvey Rubin,et al.  Distributed denial of service attacks , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[20]  ベネット,ヴィクター, エー.,et al.  Method for preventing denial-of-service attacks , 2001 .

[21]  Risto Miikkulainen,et al.  Intrusion Detection with Neural Networks , 1997, NIPS.

[22]  Richard Barber The Evolution of Intrusion Detection Systems The Next Step , 2001, Comput. Secur..

[23]  Andrew H. Sung,et al.  Intrusion detection using neural networks and support vector machines , 2002, Proceedings of the 2002 International Joint Conference on Neural Networks. IJCNN'02 (Cat. No.02CH37290).