Abstract
Recent cyber attacks on the Internet have proven that no open network system is immune to availability attacks. The recent adversary attitude of “if I can’t have it, nobody can” has shifted the emphasis in information assurance toward the availability of information resources. Cyber attacks launched to deny information resources, data and services to legitimate users are termed denial of service (DoS) attacks or availability attacks. The distributed nature of the Internet helps the adversary achieve a multiplicative effect; such attacks are called distributed denial of service attacks. Detecting and responding to denial of service attacks in real time has become an elusive goal owing to the limited information available from the network connections. This paper presents a comparative study of using support vector machines (SVMs), multivariate adaptive regression splines (MARS) and linear genetic programs (LGPs) for detecting denial of service attacks. We investigate and compare the performance of these techniques in detecting DoS attacks on a well-known subset of intrusion evaluation data gathered by Lincoln Labs. The key idea is to train these techniques on already discovered patterns (signatures) that represent DoS attacks. We demonstrate that highly efficient and accurate signature-based classifiers can be constructed by using computational intelligent techniques to detect DoS attacks. Further, we describe our ongoing effort to use computational intelligent agents to respond to DoS attacks at the boundary controllers of the network.
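The key idea of training a classifier on labelled DoS patterns can be shown with a small linear SVM. This is an added example, not the authors' code: it uses a plain hinge-loss SGD trainer rather than any particular SVM package, and the three feature names and every record are constructed assumptions, not the Lincoln Labs data.

```python
# Added illustration: linear SVM trained by hinge-loss SGD on labelled
# connection records. Feature names and every record are constructed
# assumptions, not the paper's data set or its feature list.
FEATURES = ("conn_count_norm", "syn_error_rate", "same_service_rate")

# (features, label): +1 = record matching a known DoS pattern, -1 = normal.
TRAINING = [
    ((0.02, 0.00, 1.00), -1), ((0.90, 1.00, 1.00), +1),
    ((0.01, 0.00, 0.50), -1), ((1.00, 0.95, 1.00), +1),
    ((0.05, 0.05, 1.00), -1), ((0.60, 1.00, 1.00), +1),
    ((0.10, 0.00, 0.30), -1), ((0.75, 0.90, 1.00), +1),
    ((0.03, 0.10, 0.80), -1), ((0.50, 0.85, 0.95), +1),
    ((0.08, 0.02, 0.60), -1), ((1.00, 1.00, 1.00), +1),
]
# Constructed records not seen during training.
HELD_OUT = [
    ((0.95, 1.00, 1.00), +1), ((0.70, 0.95, 1.00), +1),
    ((0.02, 0.00, 0.70), -1), ((0.065, 0.035, 0.80), -1),
]

def decision(model, x):
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def train_linear_svm(data, epochs=200, lr=0.1, lam=0.01):
    w, b = [0.0] * len(data[0][0]), 0.0
    for _ in range(epochs):
        for x, y in data:
            violated = y * decision((w, b), x) < 1     # record inside the margin
            w = [wi * (1 - lr * lam) for wi in w]      # L2 regularisation shrink
            if violated:                               # hinge-loss subgradient step
                w = [wi + lr * y * xi for wi, xi in zip(w, x)]
                b += lr * y
    return w, b

def classify(model, x):
    return "dos" if decision(model, x) > 0 else "normal"

def evaluate(model, data):
    """Return (detection rate, false-positive rate) over labelled records."""
    attacks = [x for x, y in data if y > 0]
    normals = [x for x, y in data if y < 0]
    detected = sum(classify(model, x) == "dos" for x in attacks)
    false_alarms = sum(classify(model, x) == "dos" for x in normals)
    return detected / len(attacks), false_alarms / len(normals)

if __name__ == "__main__":
    model = train_linear_svm(TRAINING)
    print(dict(zip(FEATURES, model[0])), "bias", model[1])
    print("detection, false-positive:", evaluate(model, HELD_OUT))
```

Such a classifier only recognises traffic resembling the patterns it was trained on, so the detection and false-positive rates should be measured on records held out from training, as `evaluate` does here.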
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mukkamala, S., Sung, A.H. (2004). Computational Intelligent Techniques for Detecting Denial of Service Attacks. In: Orchard, B., Yang, C., Ali, M. (eds) Innovations in Applied Artificial Intelligence. IEA/AIE 2004. Lecture Notes in Computer Science, vol 3029. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24677-0_63
DOI: https://doi.org/10.1007/978-3-540-24677-0_63
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22007-7
Online ISBN: 978-3-540-24677-0
eBook Packages: Springer Book Archive