Self-Organizing Maps for Early Detection of Denial of Service Attacks

  • Miguel Ángel Pérez del Pino
  • Patricio García Báez
  • Pablo Fernández López
  • Carmen Paz Suárez Araujo
Part of the Studies in Computational Intelligence book series (SCI, volume 378)

Abstract

Detection and early alert of Denial of Service (DoS) attacks are very important actions to make appropriate decisions in order to minimize their negative impact. DoS attacks have been catalogued as of high-catastrophic index and hard to defend against. Our study presents advances in the area of computer security against DoS attacks. In this chapter, a flexible method is presented, capable of effectively tackling and overcoming the challenge of DoS (and distributed DoS) attacks using a CISDAD (Computer Intelligent System for DoS Attacks Detection). It is a hybrid intelligent system with a modular structure: a pre-processing module (non neural) and a processing module based on Kohonen Self-Organizing artificial neural networks. The proposed system introduces an automatic differential detection of several Normal Traffic and several Toxic Traffics, clustering them upon its Transport-Layer-Protocol behavior. Two computational studies of CISDAD working with real networking traffic will be described, showing a high level of effectiveness in the CISDAD detection process. Finally, in this chapter, the possibility for specific adaptation to the Healthcare environment that CISDAD can offer is introduced.

Keywords

Legitimate User Transport Control Protocol Network Address Translation Service Attack Hybrid Intelligent System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Amini, M., Jalili, R., Shahriari, H.R.: RT-UNNID: A Practical Solution to Real-time Network-based Intrusion Detection Using Unsupervised Neural Networks. Computers & Security 25-6, 321–354 (2006)Google Scholar
  2. 2.
    Argus: Auditing Network Activity, http://www.qosient.com/argus (cited January 11, 2011)
  3. 3.
    BBC News. Visualizing the Internet, http://news.bbc.co.uk/2/hi/8552410.stm (cited January 31, 2011)
  4. 4.
    Bivens, A., Palagiri, C., Smith, R., Szymanski, B.K., Embrechts, M.: Network Based Intrusion Detection Using Neural Network. In: Intelligent Engineering Systems through Artificial Neural Networks: Proceedings of ANNIE, vol. 12 (2002)Google Scholar
  5. 5.
    Ali, F.: IP Spoofing. The Internet Protocol Journal 10-4, 2–9 (2007)Google Scholar
  6. 6.
    Digital Imaging and Communications in Medicine Standard, http://medical.nema.org/ (cited February15, 2011)
  7. 7.
    Erikson, J.: HACKING the art of exploitation, 2nd edn. No Starch Press, San Francisco; ISBN: 1-59327-144-1Google Scholar
  8. 8.
    García Báez, P.: HUMANN: Una Nueva Red Neuronal Artificial Adaptativa, No Supervisada, Modular y Jerárquica. Aplicaciones en Neurociencia y Medioambiente (Ph.D. Thesis). University of Las Palmas de Gran Canaria (2005)Google Scholar
  9. 9.
    Health Level 7 International, http://www.hl7.org/ (cited February 15, 2011)
  10. 10.
    hping. Salvatore Sanfilippo, http://www.hping.org/ (cited January 23, 2011)
  11. 11.
    Kohavi, R., Provost, F.: Glossary of Terms. Machine Learning 30-2,3, 271–274 (1998)Google Scholar
  12. 12.
    Kohonen, T.: Self-Organization and Associative Memory, 3rd edn. Springer Series in Information Sciences, pp. 3–540 (1989); ISBN: 3-540-51387-6Google Scholar
  13. 13.
    Kohonen, T.: Self-Organizating Maps, 2nd edn. Springer Series in Information Sciences (1997); ISBN: 3-540-62017-6Google Scholar
  14. 14.
    Labib, K., Vemuri, R.: NSOM: A Real-Time Network-Based Intrusion Detection System Using Self-Organazing Maps (2002)Google Scholar
  15. 15.
    Lichodzijewski, P., Nur Zincir-Heywood, A., Heywood, M.I.: Dynamic Intrusion Detection Using Self-Organizing Maps. In: Proceedings of the 14th Annual CITASS (2002)Google Scholar
  16. 16.
    Lichodzijewski, P., Nur Zincir-Heywood, A., Heywood, M.I.: Host-Based Intrusion Detection Using Self-Organizing Maps. In: Proceedings of the 14th Annual CITASS (2002)Google Scholar
  17. 17.
    Pérez-del-Pino, M.A., García Báez, P., Fernández López, P., Suárez Araujo, C.P.: Towards Self-Organizing Maps based Computational Intelligent System for Denial of Service Attacks Detection. In: 14th International Conference on Intelligent Engineering Systems (INES), pp. 978–971 (2010); ISBN: 978-1-4244-7650-3Google Scholar
  18. 18.
    Pérez-del-Pino, M.A., Suárez Araujo, C.P., García Báez, P., Fernández López, P.: EDEVITALZH: an e-Health Solution for Application in the Medical Fields of Geriatrics and Neurology. In: 13th International Conference on Computer Aided Systems Theory, EUROCAST 2011 (2011)Google Scholar
  19. 19.
    Suárez Araujo, C.P., Pérez-del-Pino, M.A., García Báez, P., Fernández López, P.: Clinical Web Environment to Assist the Diagnosis of Alzheimers Disease and other Dementias. WSEAS Transactions on Computers 6, 2083–2088 (2004); ISSN: 1109-2750Google Scholar
  20. 20.
    Matsopoulos, G.K.: Self-Organizing Maps.In: InTech. ISBN: 978-953-307-074-2Google Scholar
  21. 21.
    NetFlow by Cisco Systems, http://en.wikipedia.org/wiki/Netflow (cited December 12, 2010)
  22. 22.
    Network Grep, http://ngrep.sourceforge.net/ (cited January11, 2011)
  23. 23.
    OGE: Oracle Grid Engine, http://www.oracle.com/us/products/tools/oracle-grid-engine-075549.html (cited January 21, 2011)
  24. 24.
    Packet Details Markup Language Specification, http://gd.tuwien.ac.at/.vhost/analyzer.polito.it/docs/dissectors/PDMLSpec.htm (cited January 15, 2011)
  25. 25.
    Perl Programming Language, http://www.perl.org (cited December 14, 2010)
  26. 26.
    Port Mirroring. Wikipedia, http://en.wikipedia.org/wiki/Port_mirroring (cited January 21, 2011)
  27. 27.
    RFC 4732: Internet Denial-of-Service Considerations, http://tools.ietf.org/html/rfc4732 (cited November 21, 2010)
  28. 28.
    SOM_PACK. Dept. of Information and Computer Science, Helsinki University of Technology, http://www.cis.hut.fi/research/som-research/nnrc-programs.shtml (cited January 21, 2011)
  29. 29.
    Stalling, W.: Network Security Essentials. Applications and Standards. Prentice Hall, Englewood Cliffs (2007); ISBN: 0-13-238033-1Google Scholar
  30. 30.
    Stalling, W.: Comunicaciones y Redes de Computadores, 6th edn. Prentice Hall, Englewood Cliffs (2000); ISBN: 84-205-2986-9Google Scholar
  31. 31.
    Suárez Araujo, C.P., García Báez, P., Hernández Trujillo, Y.: Neural Computation Methods in the Determination of Fungicides. Fungicides, 471–496 (2010); ISBN: 978-953-307-266-1Google Scholar
  32. 32.
    Symantec State of Enterprise Security Survey (2010), http://www.symantec.com/content/en/us/about/presskits/SES_report_Feb2010.pdf (cited March 25, 2011)
  33. 33.
    TShark: The Wireshark Network Analyzer. Documentation, http://man-wiki.net/index.php/1:tshark (cited January 21, 2011)
  34. 34.
    Denial-of-Service Attacks, Incidents. Wikipedia, http://en.wikipedia.org/wiki/Denial-of-service_attack (cited January 02, 2011)
  35. 35.
    Zanero, S.: Analyzing TCP Traffic Patterns Using Self Organizing Maps. In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol. 3617, pp. 83–90. Springer, Heidelberg (2005), http://man-wiki.net/index.php/1:tshark (cited January 21, 2011)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Miguel Ángel Pérez del Pino
    • 1
  • Patricio García Báez
    • 2
  • Pablo Fernández López
    • 1
  • Carmen Paz Suárez Araujo
    • 1
  1. 1.Instituto Universitario de Ciencias y Tecnologas CibernéticasUniversidad de Las Palmas de Gran CanariaLas Palmas de Gran CanariaSpain
  2. 2.Departamento de Estadística, Investigación Operativa y ComputacónUniversidad de La LagunaLa LagunaSpain

Personalised recommendations