Abstract
In this paper, we present a lightweight detection and visualization methodology for Denial of Service (DoS) attacks. First, we propose a new approach based on Random Forest (RF) to detect DoS attacks. The classification accuracy of RF is comparable to that of Support Vector Machines (SVM). RF is also able to produce the importance value of individual feature. We adopt RF to select intrinsic important features for detecting DoS attacks in a lightweight way. And then, with selected features, we plot both DoS attacks and normal traffics in 2 dimensional space using Multi-Dimensional Scaling (MDS). The visualization results show that simple MDS can help one to visualize DoS attacks without any expert domain knowledge. The experimental results on the KDD 1999 intrusion detection dataset validate the possibility of our approach.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Breiman, L., Friedman, J.H., Olshen, R.A., Stone, C.J.: Classification and Regression Trees. Chapman and Hall, New York (1984)
Breiman, L.: Random forest. Machine Learning 45(1), 5–32 (2001)
Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification, 2nd edn. John Wiley & Sons, Chichester (2001)
Young, F.W., Hamer, R.M.: Theory and Applications of Multidimensional Scaling. Eribaum Associates, Hillsdale (1994)
Kim, D., Nguyen, H.-N., Ohn, S.-Y., Park, J.: Fusions of GA and SVM for Anomaly Detection in Intrusion Detection System. In: Wang, J., Liao, X.-F., Yi, Z. (eds.) ISNN 2005. LNCS, vol. 3498, pp. 415–420. Springer, Heidelberg (2005)
KDD Cup 1999 Data: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
KDD-Cup-99 Task Description: http://kdd.ics.uci.edu/databases/kddcup99/task.html
Dash, M., Choi, K., Scheuermann, P., Liu, H.: Feature Selection for Clustering – A Filter Soultion
Hall, M.A.: Feature Subset Selection: A correlation Based Filter Approach
Meyer, D., Leisch, F., Hornik, K.: The Support Vector Machine under Test. Neurocomputing 55, 169–186 (2003)
Noelia, S.-M.: A New Wrapper Method for Feature Subset Selection
Park, J., Shazzad, K.M., Kim, D.: Toward Modeling Lightweight Intrusion Detection System through Correlation-Based Hybrid Feature Selection. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 279–289. Springer, Heidelberg (2005)
Kohavi, R., John, G.H.: Wrappers for feature subset selection. Artificial Intelligence 97(1–2), 273–324 (1997)
Sabhnani, M., Serpen, G.: On Failure of Machine Learning Algorithms for Detecting Misuse in KDD Intrusion Detection Data Set. Intelligent Analysis (2004)
SNORT, http://www.snort.org
Sung, A.H., Mukkamala, S.: Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks. In: Proc. of the 2003 Int. Symposium on Applications and the Internet Technology, pp. 209–216. IEEE Computer Society Press, Los Alamitos (2003)
The R Project for Statistical Computing, http://www.r-project.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, D.S., Lee, S.M., Park, J.S. (2006). Toward Lightweight Detection and Visualization for Denial of Service Attacks. In: Gelbukh, A., Reyes-Garcia, C.A. (eds) MICAI 2006: Advances in Artificial Intelligence. MICAI 2006. Lecture Notes in Computer Science(), vol 4293. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11925231_60
Download citation
DOI: https://doi.org/10.1007/11925231_60
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49026-5
Online ISBN: 978-3-540-49058-6
eBook Packages: Computer ScienceComputer Science (R0)