Skip to main content

Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks: Proof-of-Concept

  • Conference paper
Highlights of Practical Applications of Heterogeneous Multi-Agent Systems. The PAAMS Collection (PAAMS 2014)

Abstract

A Distributed Denial of Service attack (DDoS) is designed to overload a target device and its networks with packets to damage its resources or services. This paper proposes an Artificial Neural Network (ANN) detection engine to flag known and unknown attacks from genuine traffic. Based on experiments and data analysis, specific patterns are selected to separate genuine from DDoS packets, thus allowing normal traffic to reach its destination. The mitigation process is triggered when the detection system identifies attacks based on the known characteristic features (patterns) that were fed to the ANN during the training process. Such characteristic patterns separate attacks from normal traffic. We have evaluated our solution against related work based on accuracy, sensitivity, specificity and precision.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Reed, M.: Denial of Service attacks and mitigation techniques: Real time implementation with detailed analysis. SANS Institute InfoSec Reading Room (2011), http://www.sans.org/reading-room/whitepapers/detection

  2. Troj/Flood-IM. Backdoor DDoS Trojan. Detected by Sophas, https://secure2.sophos.com/

  3. Alomari, E., Gupta, B.B., Karuppayah, S.: Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art. International Journal of Computer Applications 2012, 24–32 (2012)

    Article  Google Scholar 

  4. Mitchell, T.M.: Machine Learning, 1st edn., ch. 3,4,6,7, pp. 52–78, 81–117, 128–145, 157–198. McGraw-Hill Science/Engineering/Math., New York (1997)

    Google Scholar 

  5. Prolexic, Global Leader in DDoS Protection and Mitigation. (2003), http://www.prolexic.com

  6. Li, J., Liu, Y., Gu, L.: DDoS attack detection based on neural network. In: 2nd International Symposium on Aware Computing (ISAC), Tainan, November 1-4, pp. 196–199 (2010)

    Google Scholar 

  7. Akilandeswari, V., Shalinie, S.M.: Probabilistic Neural Network based attack traffic classification. In: Fourth International Conference on Advanced Computing (ICoAC), Chennai, December 13-15, pp. 1–8 (2012)

    Google Scholar 

  8. Siaterlis, C., Maglaris, V.: Detecting incoming and outgoing DDoS attacks at the edge using a single set of network characteristics. In: Proceedings of the 10th IEEE Symposium. on Computers and Communications (ISCC), June 27-30, pp. 469–475 (2005)

    Google Scholar 

  9. Gupta, B.B., Joshi, C., Misra, M.: ANN Based Scheme to Predict Number of Zombies in a DDoS Attack. International Journal of Network Security 13(3), 216–225 (2011)

    Google Scholar 

  10. Badishi, G., Keidar, I., Romanov, O., Yachin, A.: Denial of Service? Leave it to Beaver. Project supported by Israeli Ministry of Science, pp. 3–14 (2006)

    Google Scholar 

  11. Shi, E., Stoica, I., Andersen, D., Perrig, D.: OverDoSe: A Generic DDoS Protection Service Using an Overlay Network. Technical report CMU-CS-06-114, pp. 2–12 (2006), http://www.cs.umd.edu/~elaine/docs/overdose.ps

  12. Chen, Y., Hwang, K., Ku, W.: Collaborative Detection of DDoS Attacks over Multiple Network Domains. IEEE Transactions on Parallel and Distributed Systems 18(12), 1649–1662 (2007)

    Article  Google Scholar 

  13. Al-Duwairi, B., Manimaran, G.: A novel packet marking scheme for IP traceback. In: Proceedings of the Tenth International Conference on Parallel and Distributed Systems (ICPADS), July 7-9, pp. 195–202 (2004)

    Google Scholar 

  14. Gong, C., Sarac, K.: A More Practical Approach for Single-Packet IP Traceback using Packet Logging and Marking. IEEE Trans. on Parallel and Distributed System 19(10), 1310–1324 (2008)

    Article  Google Scholar 

  15. Yu, S., Zhou, W., Doss, R., Jia, W.: Traceback of DDoS Attacks Using Entropy Variations. Transactions on Parallel and Distributed Systems 22(3), 412–425 (2011)

    Article  Google Scholar 

  16. Novak, J., Northcutt, S.: Network Intrusion Detection, 3rd edn. Sams, pp. 8–30 (2002)

    Google Scholar 

  17. Stuttgart Neural Network Simulator, University of Stuttgart (Version 4.1) (1995), http://www.nada.kth.se/~orre/snns-manual/

  18. Pino, M.: A Theoretical & Practical Introduction to Self Organization using JNNS. University of Applied Sciences Brandenburg (September 2005)

    Google Scholar 

  19. Jayalakshmi, T., Santhakumaran, A.: Statistical Normalization and Back Propagation for Classification. International Journal of Computer Theory and Engineering 3(1), 89–93 (2011)

    Article  Google Scholar 

  20. Zhang, Q., Sun, S.: Weighted Data Normalization Based on Eigenvalues for Artificial Neural Network Classification. In: Leung, C.S., Lee, M., Chan, J.H. (eds.) ICONIP 2009, Part I. LNCS, vol. 5863, pp. 349–356. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  21. Wallen, J.: IPTraf (Version 3.0) “Open Source project” (September 2005), http://iptraf.seul.org

  22. Bedón, C., Saied, A.: Snort-AI (Version 2.4.3) “Open Source project” (January 2009), http://snort-ai.sourceforge.net/index.php

  23. Roesch, M.: Snort (Version 2.9) “Open Source Project” (1998), http://www.snort.org

  24. Russell, R.: iptables (Version 1.4.21) “Open Source project” (1998), http://ipset.netfilter.org/iptables.man.html

  25. Leu, F., Pai, C.: Detecting DoS and DDoS Attacks Using Chi-Square. In: Fifth International Conference on Information Assurance and Security (IAS 2009), Xian, August 18-20, pp. 225–258 (2010)

    Google Scholar 

  26. Xu, X., Wei, D., Zhang, Y.: Improved Detection Approach for Distributed Denial of Service Attack Based on SVM. In: 2011 Third Pacific-Asia Conference on Circuits, Communications and Systems (PACCS), Wuhan, July 17-18, pp. 1–3 (2011)

    Google Scholar 

  27. Jie-Hao, C., Feng-Jiao, C., Zhang: DDoS defense system with test and neural network. In: IEEE International Conference on Granular Computing (GrC), Hangzhou, China, August 11-13, pp. 38–43 (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Saied, A., Overill, R.E., Radzik, T. (2014). Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks: Proof-of-Concept. In: Corchado, J.M., et al. Highlights of Practical Applications of Heterogeneous Multi-Agent Systems. The PAAMS Collection. PAAMS 2014. Communications in Computer and Information Science, vol 430. Springer, Cham. https://doi.org/10.1007/978-3-319-07767-3_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-07767-3_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07766-6

  • Online ISBN: 978-3-319-07767-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics