Toward Lightweight Detection and Visualization for Denial of Service Attacks

  • Dong Seong Kim
  • Sang Min Lee
  • Jong Sou Park
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4293)


In this paper, we present a lightweight detection and visualization methodology for Denial of Service (DoS) attacks. First, we propose a new approach based on Random Forest (RF) to detect DoS attacks. The classification accuracy of RF is comparable to that of Support Vector Machines (SVM). RF can also produce an importance value for each individual feature. We adopt RF to select the intrinsically important features for detecting DoS attacks in a lightweight way. Then, using the selected features, we plot both DoS attacks and normal traffic in two-dimensional space using Multi-Dimensional Scaling (MDS). The visualization results show that simple MDS can help one visualize DoS attacks without any expert domain knowledge. The experimental results on the KDD 1999 intrusion detection dataset validate the feasibility of our approach.


Keywords: Support Vector Machine; Feature Selection; Random Forest; Intrusion Detection; Intrusion Detection System
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Dong Seong Kim (1)
  • Sang Min Lee (1)
  • Jong Sou Park (1)
  1. Network Security Lab., Hankuk Aviation University, Seoul, Korea
