Real-time anomaly detection systems for Denial-of-Service attacks by weighted k-nearest-neighbor classifiers

Authors:
Ming-Yang Su
Affiliations:
Department of Computer Science and Information Engineering, Ming Chuan University, 5 Teh Ming Road, Gwei Shan District, Taoyuan 333, Taiwan
Venue:
Expert Systems with Applications: An International Journal
Year:
2011

Citing 9
Cited 1

Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control and Artificial Intelligence

Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control and Artificial Intelligence
Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks

SAINT '03 Proceedings of the 2003 Symposium on Applications and the Internet
Protocol Analysis in Intrusion Detection Using Decision Tree

ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
Change-Point Monitoring for the Detection of DoS Attacks

IEEE Transactions on Dependable and Secure Computing
Denial-of-Service Attack-Detection Techniques

IEEE Internet Computing
Detecting Distributed Denial-of-Service Attacks Using Kolmogorov Complexity Metrics

Journal of Network and Systems Management
Network Intrusion Detection Through Genetic Feature Selection

SNPD-SAWN '06 Proceedings of the Seventh ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing
Decision tree classifier for network intrusion detection with GA-based feature selection

Proceedings of the 43rd annual Southeast regional conference - Volume 2
Real-time detection of distributed denial-of-service attacks using RBF networks and statistical features

Computer Networks: The International Journal of Computer and Telecommunications Networking

A novel intrusion detection system based on feature generation with visualization strategy

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	12.05

Visualization

Abstract

This study proposed a method which can detect large-scale attacks, such as DoS attacks, in real-time by weighted KNN classifiers. The key factor for designing an anomaly-based NIDS is to select significant features for making decisions. Not only is excellent detection performance required, but real-time processing is also demanded for most NIDSs. A good feature selection policy, which can choose significant and as few as possible features, plays a key role for any successful NIDS. The study proposed a genetic algorithm combined with KNN (k-nearest-neighbor) for feature selection and weighting. All initial 35 features in the training phase were weighted, and the top ones were selected to implement NIDSs for testing. Many DoS attacks were applied to evaluate the systems. For known attacks, an overall accuracy rate as high as 97.42% was obtained, while only the top 19 features were considered. For unknown attacks, an overall accuracy rate of 78% was obtained using the top 28 features.