Computational Intelligent Techniques for Detecting Denial of Service Attacks

  • Conference paper
Innovations in Applied Artificial Intelligence (IEA/AIE 2004)

Abstract

Recent cyber attacks on the Internet have proven that no open network system is immune to availability attacks. The recent adversary attitude of “if I can’t have it, nobody can” has shifted the emphasis in information assurance toward the availability of information resources. Cyber attacks launched to deny information resources, data and services to legitimate users are termed denial of service (DoS) attacks or availability attacks. The distributed nature of the Internet helps the adversary achieve a multiplicative effect; such attacks are called distributed denial of service attacks. Detecting and responding to denial of service attacks in real time has become an elusive goal owing to the limited information available from network connections. This paper presents a comparative study of using support vector machines (SVMs), multivariate adaptive regression splines (MARS) and linear genetic programs (LGPs) for detecting denial of service attacks. We investigate and compare the performance of these techniques in detecting DoS attacks on a well-known subset of the intrusion evaluation data gathered by Lincoln Labs. The key idea is to train these techniques on already discovered patterns (signatures) that represent DoS attacks. We demonstrate that highly efficient and accurate signature-based classifiers can be constructed by using computational intelligent techniques to detect DoS attacks. Further, we describe our ongoing effort of using computational intelligent agents to respond to DoS attacks at the boundary controllers of the network.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mukkamala, S., Sung, A.H. (2004). Computational Intelligent Techniques for Detecting Denial of Service Attacks. In: Orchard, B., Yang, C., Ali, M. (eds) Innovations in Applied Artificial Intelligence. IEA/AIE 2004. Lecture Notes in Computer Science, vol 3029. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24677-0_63

  • DOI: https://doi.org/10.1007/978-3-540-24677-0_63

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22007-7

  • Online ISBN: 978-3-540-24677-0

  • eBook Packages: Springer Book Archive
