An in-depth analysis on traffic flooding attacks detection and system using data mining techniques
Journal of Systems Architecture: the EUROMICRO Journal
Network flooding attacks such as DoS/DDoS and Internet worms pose devastating threats to network services, so rapid detection and a proper response mechanism are a major concern for secure and reliable network services. However, most current Intrusion Detection Systems (IDSs) focus on detailed analysis of packet data, which results in late detection and a high system burden when coping with high-speed network traffic. Little or no integration exists between IDSs and SNMP-based network management, despite the extensive monitoring and statistical information provided by the SNMP agents implemented on network devices and systems. In this paper we propose a lightweight and fast detection mechanism for traffic flooding attacks. First, we use SNMP MIB statistical data gathered from SNMP agents instead of raw packet data from network links. The SNMP MIB variables involved are chosen by an effective feature selection mechanism and collected efficiently by a MIB update time prediction mechanism. Second, we use a machine learning approach based on a Support Vector Machine (SVM) for attack classification. Using MIB data and an SVM, we achieve fast detection with high accuracy, a minimal system burden, and extensibility for system deployment. The proposed mechanism has a hierarchical structure: it first distinguishes attack traffic from normal traffic and then determines the type of attack in detail. Using MIB datasets collected from real experiments involving a DDoS attack, we validate the feasibility of our approach. Network attacks are shown to be detected with high efficiency and classified with a low false alarm rate.