Detection of Denial of Service Attacks by Ensemble Learning Method

Document Type : -

Authors

1 Department of Computer Engineering, Khameneh Branch, Islamic Azad University, Khameneh, Iran

2 Department of Computer Engineering, Shabestar Branch, Islamic Azad University, Shabestar, Iran

Abstract

In recent years, cyberspace has been filled with cyber-attacks such as denial of service (DoS) attacks, information phishing, financial fraud, spam and so on. One of the most common cyber-attacks that have caused significant economic damage to the financial infrastructure of different countries is denial of service attacks. As a preventive measure, intrusion detection systems equipped with machine learning classification algorithms have been developed to detect anomalies in network traffic. These classification algorithms, depending on the type of DoS attack, have varying degree of success in detecting these attacks and allow users to effectively identify between normal traffic and malicious DoS traffic. In the proposed approach, three steps are used to identify and classify the most common denial of service attacks. The first step is to pre-process the actual SNMP-MIB dataset to scale the data and delete the defective data. In the second stage, by reducing the number of data set features, only the features of the interface group are used, which leads to a reduction in attack detection time. The results show that using the proposed approach, normal traffic and five DoS attacks can be detected from the SNMP-MIB dataset with 100% accuracy rate. Only the detection accuracy of two attacks, UDP Flood and Slowloris, with 99.87 and 99.94% respectively, had a very small error of detection rate.

Keywords

Main Subjects

Smiley face

References

  1. [1] Husák, M.; Komárková, J.; Bou-Harb E.; Čeleda, P. “Survey of Attack Projection, Prediction, and Forecasting in Cyber Security”; IEEE Commun. Surv. Tutorials., 2018, 21, 1, 640–660. http://doi.org/10.1109/COMST.2018.2871866.
  2. [2] Yu, H. Lee, M.-S. Kim, and D. Park, “Traffic Flooding Attack Detection with SNMP MIB using SVM”; Comput. Commun., 2008, 31, 17, 4212–4219. http://doi.org/10.1016/ j.comcom.2008.09.018.
  3. [3] Asadi, M.; Parsa, S.; Jabreil Jamali, M. A.; Majidnezhad, V. “P2P Botnet Detection Using Deep Learning Method”; Electronic and Cyber Defense 2020, 8, 1–14. (In Persian)
  4. [4] Alipour, M. M.; Shokrollahi, S. “The Presentation of a New Defense Framework Against the Distributed Denial of Service Attacks Using the Software Defined Network”; Adv. Defence Sci. & Technol. 2021, 12, 273–284. (In Persian)
  5. [5] Alkasassbeh, ; Al-Naymat, G.; Hassanat, A.; Almseidin, M. “Detecting Distributed Denial of Service Attacks using Data Mining Techniques”; Int. J. Adv. Comput. Sci. Appl. 2016, 7, 436–445. http://doi.org/10.14569/IJACSA.2016. 070159.
  6. [6] Thakkar, A.; Lohiya, R. “A Survey on Intrusion Detection System: Feature Selection, Model, Performance Measures, Application Perspective, Challenges, and Future Research Directions”; Artif. Intell. Rev. 2022, 55, 453–563. http:// doi.org/10.1007/s10462-021-10037-9.
  7. [7] Asadi, M. “Detecting IoT Botnets Based on the Combination of Cooperative Game Theory with Deep and Machine Learning Approaches”; J. Ambient Intell. Hum. Comput. 2021, 13, 5547-5561. http://doi.org/10.1007/ s12652-021-03185-x.
  8. [8] Asadi, M.; Parsa, S.; Jabreil Jamali, M. A.; Majidnezhad, V. “Detecting Botnet by using Particle Swarm Optimization Algorithm Based on Voting System”; Future Gener. Comput. Syst. 2020, 107, 95–111. http://doi.org/10.1016/ j.future.2020.01. 055.
  9. [9] Al-Naymat, G.; Al-Kasassbeh, M.; Al-Hawari, E. “Exploiting SNMP-MIB Data to Detect Network Anomalies using Machine Learning Techniques”; SAI Intelligent Systems Conference, 2018, 991–1004.
  10. Pathan, A.-S. K. “The State of the Art in Intrusion Prevention and Detection”; Auerbach Publications, 2014. http://doi.org/10.1201/ b16390.
  11. Alhaidari, S.; Alharbi, A.; Alshaikhsaleh, M.; Zohdy, M.; Debnath, D. “Network Traffic Anomaly Detection Based on Viterbi Algorithm using SNMP-MIB Data”; Third Int. Conf. Information System and Data Mining, 2019, 92–97. http://doi.org/10.1145/3325917.3325928.
  12. Al-Kasassbeh, M.; Al-Naymat, G.; Al-Hawari, E. “Towards Generating Realistic SNMP-MIB Dataset for Network Anomaly Detection”; Int. J. Comput. Sci. Inform. Secur. 2016, 14, 1162-1185.
  13. Abushwereb, M.; Mustafa, M.; Al-Kasassbeh, M.; Qasaimeh, M. “Attack Based DoS Attack Detection using Multiple Classifier” arXiv Prepr. arXiv2001.05707, 2020.
  14. Cabrera, J. B. D.; Lewis, L.; Qin, X.; Lee, W.; Mehra, R. K. “Proactive Intrusion Detection and Distributed Denial of Service Attacks: A Case Study in Security Management”; J. Network Syst. Manage. 2002, 10, 225–254. http://doi.org/ 10.1023/ A:1015910917349.
  15. Rahmani, C.; Sharifi, M.; Tafazzoli, T. “An Exprimental Analysis of Proactive Detection of Distributed Denial of Service Attacks”; IIT Kanpur Hackers Workshop (IITKHACK04) 2004, 37–44.
  16. Hsiao, H.-W.; Lin, C. S.; Chang, S.-Y. “Constructing an ARP Attack Detection System with SNMP Traffic Data Mining”; 11th Int. Conf. Electronic Commerce 2009, 341–345. http://doi.org/10.1145/1593254.1593309.
  17. Yu, J.; Kang, H.; Park, D.; Bang, H.-C.; Kang, D. W. “An In-Depth Analysis on Traffic Flooding Attacks Detection and System using Data Mining Techniques”; Journal of Systems Architecture, 2013, 59, 1005–1012. http://doi.org/ 10.1016/ j.sysarc.2013.08.008.
  18. Cerroni, W.; Moro, G.; Pirini, T.; Ramilli, M. “Peer-to-Peer Data Mining Classifiers for Decentralized Detection of Network Attacks”; Twenty-Fourth Australasian Database Conference, 2013, 101–107.
  19. Namvarasl S.; Ahmadzadeh, M. “A Dynamic Flooding Attack Detection System Based on Different Classification Techniques and using SNMP-MIB Data”; Int. J. Comput. Netw. Commun. Secur. 2014, 2, 9, 279–284.
  20. Cerroni, W.; Moro, G.; Pasolini, R.; Ramilli, M. “Decentralized Detection of Network Attacks Through P2P Data Clustering of SNMP Data”; Comput. Secur. 2015, 52, 1–16. http://doi.org/10.1016/ j.cose.2015.03.006.
  21. Al-Naymat, G.; Hambouz, A.; Alkasassbeh, M. “Evaluating the Impact of Feature Selection Methods on SNMP-MIB Interface Parameters to Accurately Detect Network Anomalies”; IEEE International Symposium on Signal Processing and Information Technology, 2019, 1–6. http://doi.org/10.1109/ ISSPIT47144. 2019.9001882.
  22. Manna A.; Alkasassbeh, M. “Detecting Network Anomalies using Machine Learning and SNMP-MIB Dataset with IP Group”; 2nd International Conference on New Trends in Computing Sciences (ICTCS), 2019, 1–5. http://doi.org/ 10.1109/ ICTCS. 2019.8923043.
  23. Rajasekar P.; Magudeeswaran, V. “GRU-BWFA Classifier for Detecting DDoS Attack within SNMP-MIB Dataset”; Wireless Pers. Commun., 2021. http://doi.org/10.21203/ rs.3.rs-848205/v1.
  24. Shiravi, A.; Shiravi, H.; Tavallaee, M.; Ghorbani, A. A. “Toward Developing a Systematic Approach to Generate Benchmark Datasets for Intrusion Detection”; Comput. Secur., 2012, 31, 357–374. http://doi.org/10.1016/ J.COSE.2011.12.012.
  25. Alpaydin E. “Machine Learning: The New AI"; MIT press, 2016. http://doi.org/10.7551/mitpress/13811.001.0001.
  26. Ding, S.; Hu, S.; Pan, J.; Li, X.; Li, G.; Liu, X. “A Homogeneous Ensemble Method for Predicting Gastric Cancer Based on Gastroscopy Reports”; Expert Syst. 2020, 37, 3, e12499. http://doi.org/10.1111/exsy.12499.
  27. Petrakova, A.; Affenzeller, M.; Merkurjeva, G. “Heterogeneous versus Homogeneous Machine Learning Ensembles”; Inf. Technol. Manage. Sci. 2015, 18, 135–140. http://doi.org/10.1515/itms-2015-0021.
  28. Asuero, A. G.; Sayago, A.; González, A. G. “The Correlation Coefficient: An Overview”; Crit. Rev. Anal. Chem. 2006, 36, 41-59. http://doi.org/10.1080/10408340500526766.
Journal of Advanced Defense Science & Technology
Volume 14, Issue 1 - Serial Number 51
spring 2024
September 2023
Pages 51-68

Files

History

  • Receive Date: 12 March 2024
  • Revise Date: 21 April 2023
  • Accept Date: 11 May 2023
  • Publish Date: 22 May 2023

Share

How to cite

Statistics