Abstract
In this paper we present a robust neural network detector for Distributed Denial-of-Service (DDoS) attacks in computers providing Internet services. A genetic algorithm is used to select a small number of efficient features from an extended set of 44 statistical features, which are estimated only from the packet headers. The genetic evaluation produces an error-free neural network DDoS detector using only 14 features. Moreover, the experimental results showed that the features that best qualify for DDoS detection are the SYN and URG flags, the probability of distinct Source Ports in each timeframe, the number of packets that use certain port ranges, the TTL and the window size in each timeframe.
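As an added illustration (not code from the paper), the sketch below computes per-timeframe statistics of the kind the abstract names, using packet-header fields only. The 1-second timeframe, the port-range split, the exact feature definitions and the sample packets are assumptions; the paper's 44 features are not listed on this page.

```python
from collections import defaultdict

SYN, ACK, URG = 0x02, 0x10, 0x20          # TCP flag bits
# Assumed port ranges (IANA well-known / registered / dynamic).
PORT_RANGES = {"well_known": (0, 1023), "registered": (1024, 49151),
               "dynamic": (49152, 65535)}

def sample_packets():
    """Constructed headers: (time_ms, src_port, dst_port, flags, ttl, window)."""
    normal = [(100 * i, 40000 + i % 3, 80, ACK, 64, 65535) for i in range(10)]
    flood = [(1000 + 10 * i, 1024 + i, 80,
              SYN | (URG if i % 10 == 0 else 0), 255 - i % 5, 512)
             for i in range(50)]
    return normal + flood

def timeframe_features(packets, frame_ms=1000):
    """Group packets into fixed timeframes and compute header-only statistics."""
    frames = defaultdict(list)
    for pkt in packets:
        frames[pkt[0] // frame_ms].append(pkt)
    features = {}
    for idx in sorted(frames):
        pkts = frames[idx]
        n = len(pkts)
        sports = [p[1] for p in pkts]
        row = {
            "packets": n,
            "syn_ratio": sum(1 for p in pkts if p[3] & SYN) / n,
            "urg_ratio": sum(1 for p in pkts if p[3] & URG) / n,
            "distinct_sport_prob": len(set(sports)) / n,
            "mean_ttl": sum(p[4] for p in pkts) / n,
            "mean_window": sum(p[5] for p in pkts) / n,
        }
        for name, (lo, hi) in PORT_RANGES.items():
            row["sport_" + name] = sum(1 for s in sports if lo <= s <= hi)
        features[idx] = row
    return features

if __name__ == "__main__":
    for idx, row in timeframe_features(sample_packets()).items():
        print(idx, row)
```

In the constructed data the second timeframe shows the pattern a detector would key on: every packet carries SYN, every source port is distinct, and the window size collapses to a single small value.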
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dimitris, G., Ioannis, T., Evangelos, D. (2004). Feature Selection for Robust Detection of Distributed Denial-of-Service Attacks Using Genetic Algorithms. In: Vouros, G.A., Panayiotopoulos, T. (eds) Methods and Applications of Artificial Intelligence. SETN 2004. Lecture Notes in Computer Science, vol 3025. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24674-9_29
DOI: https://doi.org/10.1007/978-3-540-24674-9_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21937-8
Online ISBN: 978-3-540-24674-9
eBook Packages: Springer Book Archive