Construction of High Precision RBFNN with Low False Alarm for Detecting Flooding Based Denial of Service Attacks Using Stochastic Sensitivity Measure

  • Wing W. Y. Ng
  • Aki P. F. Chan
  • Daniel S. Yeung
  • Eric C. C. Tsang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3930)


High precision and low false alarm rate are the two most important characteristics of a good Intrusion Detection System (IDS). In this work, we propose to construct a host-based IDS for detecting flooding-based Denial of Service (DoS) attacks by minimizing the generalization error bound of the IDS to reduce its false alarm rate and increase its precision. Radial basis function neural network (RBFNN) will be applied in the IDS. The generalization error bound is formulated based on the stochastic sensitivity measure of RBFNN. Experimental results using artificial datasets support our claims.


False Alarm False Alarm Rate Intrusion Detection Hide Neuron Radial Basis Function Neural Network 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Baker, S., Grow, B.: Gambling Sites, This Is A Holdup (2004) Business Week,
  2. 2.
    Barbará, D., Jajodia, S.: Applications of Data Mining in Computer Security. Kluwer Academic Publishers, Dordrecht (2002)Google Scholar
  3. 3.
    Chan, A.P.F., Ng, W.W.Y., Yeung, D.S., Tsang, E.C.C.: Multiple Classifier System with Feature Grouping for Intrusion Detection: Mutual Information Approach. In: Khosla, R., Howlett, R.J., Jain, L.C. (eds.) KES 2005. LNCS (LNAI), vol. 3683, pp. 141–148. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: Statistical Approaches to DDoS Attack Detection and Response. In: Proc. of the DARPA Information Survivability Conference and Expostion, pp. 303–314 (2003)Google Scholar
  5. 5.
    Giorgio, G., Fabio, R., Luca, D.: Fusion of multiple classifiers for intrusion detection in computer networks. Pattern Recognition Letters, 1795–1803 (2003)Google Scholar
  6. 6.
    Householder, A., Manion, A., Pesante, L., Weaver, G., Thomas, R.: Managing the Threat of Denial-of-Service Attacks. Carnegie Mellon CERT Coordination Ceter, Pittsburgh, PA (October 2001), Online Available,
  7. 7.
    Jin, S., Yeung, D.S.: DDoS detection based on feature space modeling. In: Proc. of International Conference on Machine Learning and Cybernetics, pp. 4210–4215 (2004)Google Scholar
  8. 8.
    Jin, S., Yeung, D.S.: A Covariance Analysis Model for DDoS Attack Detection. In: IEEE Proc. of International Conference on Communications, pp. 1882–1886 (2004)Google Scholar
  9. 9.
    Kumar, S., Spafford, E.: A pattern matching model for misuse intrusion detection. In: Proceedings of the 17th National Computer Security Conference (1994)Google Scholar
  10. 10.
    Lee, W., Stolfo, S.J.: Data mining approaches for intrusion detection. In: Proceedings of the seventh USENIX Security Symposium (1998)Google Scholar
  11. 11.
    Manikopoulos, C., Papavassiliou, S.: Network Intrusion and Fault Detection: A Statistical Anomaly Approach. IEEE Communications Magazine (2002)Google Scholar
  12. 12.
    Ng, W.W.Y., Yeung, D.S., Wang, D., Tsang, E.C.C., Wang, X.-Z.: Localized Generalization Error and Its Application to RBFNN Training. In: Proc. of International Conference on Machine Learning and Cybernetics, pp. 4667–4673 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Wing W. Y. Ng
    • 1
  • Aki P. F. Chan
    • 1
  • Daniel S. Yeung
    • 1
  • Eric C. C. Tsang
    • 1
  1. 1.Department of ComputingHong Kong Polytechnic UniversityHong KongChina

Personalised recommendations