Detection of DDoS attacks using Enhanced Support Vector Machines with real time generated dataset

One approach to network intrusion detection is to build systems that apply machine learning and data mining techniques. Many Intrusion Detection Systems (IDS) suffer from a high rate of false alarms and missed intrusions, so the detection rate has to be improved while keeping the miss rate low. The focus of this paper is to generate a Distributed Denial of Service (DDoS) detection dataset and to detect the attacks in it using Enhanced Support Vector Machines. The DDoS dataset, with various direct and derived attributes, is generated in an experimental testbed; it has 14 attributes and 10 classes of recent DDoS attacks. Using the generated dataset, Enhanced Multi Class Support Vector Machines (EMCSVM) are used to classify the attacks into their classes. The performance of EMCSVM is evaluated against SVM with various parameter values and kernel functions. It is inferred that EMCSVM produces a better classification rate on the generated DDoS dataset, with its ten types of recent DDoS attacks, than on the KDD Cup 99 dataset, which has six types of DoS attacks.
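The abstract describes the pipeline only at a high level: collect direct per-source traffic counters, derive rates and ratios from them, and train a multi-class SVM whose kernel and regularisation parameter are then varied. The block below is an added illustration of that pipeline and is not the paper's EMCSVM, its testbed dataset or its 14-attribute schema. The five direct counters, the four derived attributes, the four class labels and their traffic profiles are all constructed for this example, and the SVM is trained with the kernelised Pegasos stochastic subgradient solver (a standard textbook method, not the paper's enhanced solver) in a one-vs-rest arrangement so that it runs in plain Python with no libraries.

```python
"""Toy multi-class kernel SVM over derived flow features (added example)."""
import math
import random

# Constructed class profiles: (packets/s, mean bytes per packet, SYN ratio, HTTP ratio).
# These are illustrative values only, not measurements from the paper's testbed.
CLASS_PROFILES = {
    "normal":     (50,   600, 0.05, 0.30),
    "syn_flood":  (5000,  60, 0.95, 0.00),
    "udp_flood":  (4000, 1200, 0.00, 0.00),
    "http_flood": (800,  300, 0.10, 0.90),
}
WINDOW_SECONDS = 10  # length of the per-source observation window (constructed)


def derive_features(rec):
    """Direct counters (pkts, bytes, syn_pkts, http_reqs, seconds) -> derived attributes.

    Returns [packets/s, mean packet size, SYN ratio, HTTP-request ratio]."""
    pkts, byts, syns, https, secs = rec
    if pkts == 0:
        return [0.0, 0.0, 0.0, 0.0]
    return [pkts / secs, byts / pkts, syns / pkts, https / pkts]


def synth_record(label, rng):
    """Constructed direct counters for one source window of the given class (5% jitter)."""
    pps, size, syn_r, http_r = CLASS_PROFILES[label]
    jitter = lambda: 1.0 + rng.gauss(0.0, 0.05)
    pkts = max(1, round(pps * WINDOW_SECONDS * jitter()))
    byts = round(pkts * size * jitter())
    syns = min(pkts, round(pkts * syn_r * jitter()))
    https = min(pkts, round(pkts * http_r * jitter()))
    return (pkts, byts, syns, https, WINDOW_SECONDS)


def fit_scaler(X):
    """Z-score scaler fitted on training features; appends a constant 1.0 as bias feature."""
    d = len(X[0])
    mean = [sum(x[k] for x in X) / len(X) for k in range(d)]
    std = [math.sqrt(sum((x[k] - mean[k]) ** 2 for x in X) / len(X)) or 1.0 for k in range(d)]
    return lambda x: [(x[k] - mean[k]) / std[k] for k in range(d)] + [1.0]


def linear_kernel(a, b):
    return sum(p * q for p, q in zip(a, b))


def rbf_kernel(a, b, gamma=0.5):
    return math.exp(-gamma * sum((p - q) ** 2 for p, q in zip(a, b)))


KERNELS = {"linear": linear_kernel, "rbf": rbf_kernel}


def pegasos_binary(K, y, lam, iters, rng):
    """Kernelised Pegasos: alpha[i] counts how often sample i violated the margin."""
    n = len(y)
    alpha = [0] * n
    for t in range(1, iters + 1):
        i = rng.randrange(n)
        score = sum(alpha[j] * y[j] * K[j][i] for j in range(n) if alpha[j]) / (lam * t)
        if y[i] * score < 1.0:
            alpha[i] += 1
    return alpha


class OneVsRestKernelSVM:
    """One binary Pegasos SVM per class; prediction is the class with the largest score."""

    def __init__(self, kernel, lam=0.01, iters=3000, seed=0):
        self.kernel, self.lam, self.iters, self.seed = kernel, lam, iters, seed

    def fit(self, X, labels):
        self.X = X
        n = len(X)
        K = [[self.kernel(X[i], X[j]) for j in range(n)] for i in range(n)]  # Gram matrix
        rng = random.Random(self.seed)
        self.models = {}
        for c in sorted(set(labels)):
            y = [1 if lab == c else -1 for lab in labels]
            alpha = pegasos_binary(K, y, self.lam, self.iters, rng)
            self.models[c] = [(alpha[j], y[j]) for j in range(n)]
        return self

    def decision(self, x):
        kx = [self.kernel(xj, x) for xj in self.X]
        return {c: sum(a * yj * k for (a, yj), k in zip(m, kx)) / (self.lam * self.iters)
                for c, m in self.models.items()}

    def predict(self, x):
        d = self.decision(x)
        return max(d, key=d.get)


def evaluate(kernel_name, lam=0.01, iters=3000, seed=7, per_class=40):
    """Train on 70% of a constructed dataset and return the classification rate on the rest."""
    rng = random.Random(seed)
    records = [(synth_record(c, rng), c) for c in CLASS_PROFILES for _ in range(per_class)]
    rng.shuffle(records)
    split = int(len(records) * 0.7)
    train, test = records[:split], records[split:]
    scale = fit_scaler([derive_features(r) for r, _ in train])
    clf = OneVsRestKernelSVM(KERNELS[kernel_name], lam, iters, seed)
    clf.fit([scale(derive_features(r)) for r, _ in train], [c for _, c in train])
    correct = sum(clf.predict(scale(derive_features(r))) == c for r, c in test)
    return correct / len(test)


if __name__ == "__main__":
    for name in KERNELS:
        for lam in (0.1, 0.01):
            print(f"kernel={name:6s} lambda={lam:<5} classification rate={evaluate(name, lam):.3f}")
```

The `evaluate` loop in the `__main__` block is the shape of the comparison the abstract describes: the same derived-attribute dataset is fed to the classifier under different kernel functions and regularisation values, and the classification rate on held-out windows is recorded for each. On real traffic the direct counters would come from a capture or flow exporter rather than from `synth_record`, and the derived attributes would be the ones the paper's testbed defines.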
