This paper proposes a method to identify flooding attacks in real time, based on anomaly detection by genetic weighted KNN (K-nearest-neighbor) classifiers. A genetic algorithm is used to train an optimal weight vector for the features; meanwhile, an unsupervised clustering algorithm is applied to reduce the number of instances in the sampling dataset, in order to shorten training and execution time and to improve the system's overall accuracy. More precisely, instances in the sampling dataset are replaced by fewer, but more significant, cluster centroids. A system was implemented according to the proposed method and evaluated against numerous Denial-of-Service (DoS) attacks. With an embedded weighted KNN classifier, the proposed system could identify a DoS attack from network traffic within a very short time; moreover, the experimental results show that the proposed system could achieve 95.8654% overall accuracy in the case of 2-fold cross-validation, and 96.25% overall accuracy for all known attack evaluations. That is, the proposed system is both effective and efficient. Effectiveness is measured by overall accuracy, including detection rate and false alarm rate, and efficiency is measured by the response time during an attack.
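The pipeline the abstract describes (cluster the training instances down to centroids, classify with a feature-weighted KNN over those centroids, and let a genetic algorithm search for the weight vector) can be sketched as follows. This is an added example, not the paper's code. The three features, per-class k-means, the GA operators and all sample data are assumptions constructed for illustration.

```python
import math, random

def make_flows(rng, n):
    """Constructed samples: ([syn_ratio, pkt_rate, noise], label)."""
    flows = []
    for i in range(n):
        m1, m2, lab = (0.8, 0.7, "flood") if i % 2 else (0.2, 0.3, "normal")
        flows.append(([rng.gauss(m1, 0.1), rng.gauss(m2, 0.15), rng.uniform(0, 5)], lab))
    return flows

def kmeans(points, k, iters=10):
    """Replace one class's instances with k centroids (k-means is assumed)."""
    cents = [list(p) for p in points[:k]]
    for _ in range(iters):
        groups = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda j: math.dist(p, cents[j]))].append(p)
        cents = [[sum(c) / len(g) for c in zip(*g)] if g else cents[j] for j, g in enumerate(groups)]
    return cents

def classify(x, model, w, k=3):
    """Weighted KNN: majority vote of the k centroids nearest under weights w."""
    near = sorted((sum(wi * (a - b) ** 2 for wi, a, b in zip(w, x, c)), lab) for c, lab in model)[:k]
    votes = [lab for _, lab in near]
    return max(set(votes), key=votes.count)

def accuracy(w, model, data):
    return sum(classify(x, model, w) == lab for x, lab in data) / len(data)

def evolve(model, data, n_feat, rng, pop=20, gens=15):
    """GA over weight vectors; fitness is accuracy, the best half survives."""
    fit = lambda w: accuracy(w, model, data)
    popn = [[1.0] * n_feat] + [[rng.random() for _ in range(n_feat)] for _ in range(pop - 1)]
    for _ in range(gens):
        elite = sorted(popn, key=fit, reverse=True)[:pop // 2]
        popn = list(elite)
        while len(popn) < pop:
            a, b = rng.sample(elite, 2)
            cut, i = rng.randrange(1, n_feat), rng.randrange(n_feat)
            child = a[:cut] + b[cut:]  # one-point crossover
            child[i] = min(1.0, max(0.0, child[i] + rng.gauss(0, 0.2)))  # mutation
            popn.append(child)
    return max(popn, key=fit)

def build(seed=7):
    rng = random.Random(seed)
    train, held = make_flows(rng, 200), make_flows(rng, 100)
    model = [(c, lab) for lab in ("normal", "flood")
             for c in kmeans([x for x, y in train if y == lab], 5)]
    return model, held, evolve(model, held, 3, rng)
```

Calling `build()` reduces 200 constructed training flows to 10 labelled centroids and returns them with the held-out set and the evolved weights; because the best half of each generation survives, the returned weights never score below the uniform vector the search starts from.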