Compiling network traffic into rules using soft computing methods for the detection of flooding attacks

Applied Soft Computing Journal

Volumn 8, Issue 3, 2008, Pages 1200-1210

  Noh, Sanguk ^a   Jung, Gihyun ^b   Choi, Kyunghee ^b   Lee, Cheolho ^c  

^a The Catholic University of Korea   (South Korea)

^b Ajou University   (South Korea)

^c National Security Research Institute (NSRI)   (South Korea)

Author keywords

Compiled rules; Flooding attacks; Intrusion detection; Network traffic modeling; Soft computing

Indexed keywords

FLOOD CONTROL; MATHEMATICAL MODELS; SECURITY OF DATA; SOFT COMPUTING; TELECOMMUNICATION NETWORKS;

COMPILED RULES; DISTRIBUTED DENIAL-OF-SERVICE (DDOS) ATTACK; FLOODING ATTACKS; NETWORK TRAFFIC MODELING; TRAFFIC FLUCTUATIONS;

TELECOMMUNICATION TRAFFIC;

EID: 40649126581     PISSN: 15684946     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.asoc.2007.02.016     Document Type: Article

References (31)

1. BindView's RAZOR Security Team, Zombie Zapper, available on-line: http://razor.bindview.com/tools/ZombieZapper_form.shtml, 2001.
2. Clark P., and Niblett T. The CN2 induction algorithm. Mach. Learn. J. 3 4 (1989) 261-283
3. D. Dittrich, Distributed denial of service (DDoS) Attacks/tools, available on-line: http://staff.washington.edu/dittrich/misc/ddos/, 2006.
4. Elalfi A.E., Haque R., and Elalami M.E. Extracting rules from trained neural network using GA for managing E-business. Appl. Soft Comput. 4 (2004) 65-77
5. Garber L. Denial-of-service attacks rip the Internet. IEEE Comput. 33 4 (2000) 12-17
6. Gil T.M., and Poletto M. MULTOPS: a data-structure for bandwidth attack detection. Proceedings of the 10th USENIX Security Symposium (2001) 23-38
7. R. Hanson, J. Stutz, P. Cheeseman, Bayesian Classification Theory, Technical Report FIA-90-12-7-01, NASA Ames Research Center, AI Branch, 1991.
8. L. Holder, ML v2.0: Machine Learning Program Evaluator, available on-line: http://www-cse.uta.edu/∼holder/ftp/ml2.0.tar.gz.
9. K. Houle, G. Weaver, N. Long, R. Thomas, Trends in denial of service attack technology, CERT Coordination Center White Paper, available on-line: http://www.cert.org/archive/pdf/DoS_trends.pdf, 2001.
10. A. Householder, A. Manion, L. Pesante, G.M. Weaver, Managing the Threat of Denial-of-Service Attacks, CERT Coordination Center White Paper, available on-line: http://www.cert.org/archive/pdf/Managing_DoS.pdf, 2001.
11. Kargl F., Maier J., and Weber M. Protecting web servers from distributed Denial of service attacks. Proceedings of the 10th International Conference on World Wide Web (2001) 514-524
12. Karray F.O., and Silva C.D. Soft Computing Intelligent Systems Design: Theory, Tools and Applications (2004), Addison Wesley, Harlow, England
13. Kasabov N. Adaptation and interaction in dynamical systems: modelling and rule discovery through evolving connectionist systems. Appl. Soft Comput. 6 (2006) 307-322
14. A.B. Kulkarni, S.F. Bush, S.C. Evans, Detecting Distributed Denial-of-Service Attacks Using Kolmogorov Complexity Metrics, Technical Report 2001CRD176, GE Research and Development Center, 2001.
15. Lawrence Berkeley National Laboratory's Network Research Group, libpcap: the Packet Capture library, available on-line: http://ftp.ee.lbl.gov/, 2002.
16. Lee C., Noh S., Choi K., and Jung G. Characterizing DDoS attacks with traffic rate analysis. Proceedings of e-Society (2003) 81-88
17. Li M., and Vitanyi P. An Introduction to Kolmogorov Complexity and Its Applications. second ed. (1997), Springer Verlag, New York
18. Liu J.C., Shin K.G., and Chang C.C. Prevention of congestion in packet-switched multistage interconnection networks. IEEE Trans. Parallel Distrib. Syst. 6 5 (1995) 535-541
19. Moore D., Voelker G.M., and Savage S. Inferring Internet Denial-of-Service activity. Proceedings of the 10th USENIX Symposium (2001) 9-22
20. Moshou D., Hostens I., Papaioannou G., and Ramon H. Dynamic muscle fatigue detection using self-organizing maps. Appl. Soft Comput. 5 (2005) 391-398
21. Mutaf P. Defending against a Denial-of-Service attack on TCP. Proceedings of the 2nd International Workshop on Recent Advances in Intrusion Detection (1999)
22. The National Infrastructure Protection Center (NIPC), Potential Distributed Denial of Service (DDoS) Attacks, ADVISORY 01-021, 2001.
23. Noh S., and Gmytrasiewicz P.J. Towards flexible multi-agent decision-making under time pressure. Proceedings of IJCAI (1999) 492-498
24. Noh S., Lee C., Choi K., and Jung G. Detecting Distributed Denial of Service (DDoS) Attacks Through Inductive Learning, Lecture Notes in Computer Science 2690 (2003), Springer Verlag, New York pp. 286-295
25. Packet Storm, Tribe Flood Network 2000 (TFN2K) DDoS tool, available on-line: http://packetstormsecurity.org/distributed/TFN2k_Analysis-1.3.txt, 2000.
26. Quinlan J.R. C4. 5: Programs for Machine Learning (1993), Morgan Kaufmann Publishers, San Francisco
27. Standard Performance Evaluation Corporation, SPECweb99 Benchmark, available on-line: http://www.spec.org/osg/web99, 2005.
28. TheoryGroup, Remote Intrusion Detector (RID), available on-line: http://www.theorygroup.com/Software/RID, 2001.
29. Wang H., Zhang D., and Shin K.G. Detecting SYN flooding attacks. Proceedings of IEEE INFOCOM '02 (2002) 1530-1539
30. Xiong Y., Liu S., and Sun P. On the defense of the distributed denial of service attacks: an on-off feedback control approach. IEEE Trans. Syst. Man Cybern.-Part A: Syst. Hum. 31 4 (2001) 282-293
31. Zadeh L.A. Fuzzy logic, neural networks and soft computing. Commun. ACM 37 3 (1994) 77-84