Abstract
Anomaly-based DDoS detection systems construct a profile of the traffic normally seen in the network and identify anomalies whenever traffic deviates from the normal profile beyond a threshold. This deviation of traffic beyond the threshold has been used in the past for DDoS detection, but not for finding zombies. In this paper, two-layer feed-forward neural networks of different sizes are used to estimate the number of zombies involved in a DDoS attack. The sample data used to train the feed-forward neural networks is generated using the NS-2 network simulator running on a Linux platform. The generated sample data is divided into training data and test data, and MSE is used to compare the performance of various feed-forward neural networks. Various sizes of feed-forward networks are compared for their estimation performance. The generalization capacity of the trained network is promising, and the network is able to predict the number of zombies involved in a DDoS attack with very low test error.
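The workflow the abstract describes (train feed-forward networks of several sizes, hold out test data, compare by MSE), as an added example that is not the paper's code or data. The samples are constructed, and the deviation-to-zombie relation, the tanh hidden layer, the SGD settings and the hidden sizes 2, 4 and 8 are all assumptions made for illustration.

```python
import math
import random

def make_samples(rng, n=60):
    """Constructed (deviation, zombies/100) pairs; the relation is assumed."""
    out = []
    for _ in range(n):
        zombies = rng.randint(10, 100)
        deviation = 1.0 - math.exp(-zombies / 40.0) + rng.gauss(0, 0.01)
        out.append((deviation, zombies / 100.0))
    return out

def predict(net, x):
    w1, b1, w2, b2 = net
    return sum(w * math.tanh(a * x + b) for a, b, w in zip(w1, b1, w2)) + b2

def train(data, hidden, rng, epochs=500, lr=0.02):
    """One tanh hidden layer plus a linear output, fitted by per-sample SGD."""
    w1 = [rng.uniform(-1, 1) for _ in range(hidden)]
    b1 = [rng.uniform(-1, 1) for _ in range(hidden)]
    w2 = [rng.uniform(-1, 1) for _ in range(hidden)]
    b2 = 0.0
    for _ in range(epochs):
        for x, y in data:
            h = [math.tanh(w1[j] * x + b1[j]) for j in range(hidden)]
            err = sum(w2[j] * h[j] for j in range(hidden)) + b2 - y
            for j in range(hidden):
                grad = err * w2[j] * (1.0 - h[j] ** 2)  # backprop through tanh
                w2[j] -= lr * err * h[j]
                w1[j] -= lr * grad * x
                b1[j] -= lr * grad
            b2 -= lr * err
    return w1, b1, w2, b2

def mse(net, data):
    return sum((predict(net, x) - y) ** 2 for x, y in data) / len(data)

def compare_sizes(sizes=(2, 4, 8), seed=7):
    """Return (baseline test MSE, {hidden size: test MSE})."""
    rng = random.Random(seed)
    samples = make_samples(rng)
    train_set, test_set = samples[:45], samples[45:]
    mean_y = sum(y for _, y in train_set) / len(train_set)
    baseline = sum((mean_y - y) ** 2 for _, y in test_set) / len(test_set)
    return baseline, {h: mse(train(train_set, h, rng), test_set) for h in sizes}

if __name__ == "__main__":
    baseline, results = compare_sizes()
    print(f"predict-the-mean baseline: test MSE {baseline:.5f}")
    for size, err in results.items():
        print(f"hidden units {size}: test MSE {err:.5f}")
```

The predict-the-mean baseline gives the test MSE a reference point: a network that cannot beat it has learned nothing from the deviation feature.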
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gupta, B.B. et al. (2011). Predicting Number of Zombies in a DDoS Attack Using ANN Based Scheme. In: Das, V.V., Thomas, G., Lumban Gaol, F. (eds) Information Technology and Mobile Communication. AIM 2011. Communications in Computer and Information Science, vol 147. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20573-6_19
DOI: https://doi.org/10.1007/978-3-642-20573-6_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20572-9
Online ISBN: 978-3-642-20573-6
eBook Packages: Computer Science, Computer Science (R0)