Distributed Denial of Service Attacks (DDoS Attacks)

 

 

Distributed Denial of Service Attacks continue to be among the most prolific forms of attack against information systems. According to the NSFOCUS DDOS Report for 2014 (ID#:14-1643) (available at: http://en.nsfocus.com/2014/SecurityReport_0320/165.html), DDoS attacks occur at a rate of 28 per hour. Research into methods of prevention, detection, response, and mitigation is also substantial, as the articles presented here show.

  • Vahid Aghaei Foroushani, A. Nur Zincir-Heywood, “TDFA: Traceback-Based Defense against DDoS Flooding Attacks,” AINA '14 Proceedings of the 2014 IEEE 28th International Conference on Advanced Information Networking and Applications, May 2014, (Pages 597-604). (ID#:14-1644) Distributed Denial of Service (DDoS) attacks are one of the challenging network security problems to address. The existing defense mechanisms against DDoS attacks usually filter the attack traffic at the victim side. The problem is exacerbated when there are spoofed IP addresses in the attack packets. In this case, even if the attacking traffic can be filtered by the victim, the attacker may reach the goal of blocking access to the victim by consuming the computing resources or by consuming a big portion of the bandwidth to the victim. This paper proposes a Traceback-based Defense against DDoS Flooding Attacks (TDFA) approach to counter this problem. TDFA consists of three main components: Detection, Traceback, and Traffic Control. In this approach, the goal is to place the packet filtering as close to the attack source as possible. In doing so, the traffic control component at the victim side aims to set up a limit on the packet forwarding rate to the victim. This mechanism effectively reduces the rate of forwarding the attack packets and therefore improves the throughput of the legitimate traffic. Our results based on real world data sets show that TDFA is effective in reducing the attack traffic and defending the quality of service for the legitimate traffic.

    Keywords: Packet Filtering, Traffic Control, IP Traceback, DDoS Attack, Deterministic Flow Marking
  • Varsha Nigam, Saurabh Jain, Kavita Burse, “Profile Based Scheme against DDoS Attack in WSN,” CSNT '14 Proceedings of the 2014 Fourth International Conference on Communication Systems and Network Technologies, April 2014, (Pages 112-116). (ID#:14-1645) Available at: http://dl.acm.org/citation.cfm?id=2624304.2624677&coll=DL&dl=GUIDE&CFID=507431191&CFTOKEN=68808106 Wireless Sensor Networks (WSN) are a promising technology and have enormous prospects for working in critical situations like battlefields and commercial applications such as traffic surveillance, building and habitat monitoring, smart homes, and many more scenarios. One of the major challenges wireless sensor networks face today is security. In this paper we propose a profile based protection scheme (PPS), a security scheme against DDoS (Distributed Denial of Service) attacks. This kind of attack floods an excessive amount of unnecessary packets into the network, by which the network bandwidth is consumed and data delivery in the network is affected. Our main aim is to visualize the effect of a DDoS attack on the network and identify the node or nodes that are affecting the network performance. The profile based security scheme checks the profile of each node in the network, and if one of the nodes is an attacker that floods unnecessary packets into the network, then PPS blocks the attacker. The performance of the network is measured on the basis of performance metrics like routing load, throughput, etc. The simulation results show the same performance in the case of normal routing and in the case of the PPS scheme, which means that the PPS scheme is effective and shows 0% infection in the presence of an attacker.

    Keywords: Wireless Sensor Network, Security Goal, PPS, DDoS Attacks, Defensive mechanisms, Challenges 
  • Mark Shtern, Roni Sandel, Marin Litoiu, Chris Bachalo, Vasileios Theodorou, “Towards Mitigation of Low and Slow Application DDoS Attacks,” IC2E '14 Proceedings of the 2014 IEEE International Conference on Cloud Engineering, March 2014, (Pages 604-609). (ID#:14-1646) Available at: http://dl.acm.org/citation.cfm?id=2624303.2624640&coll=DL&dl=GUIDE&CFID=507431191&CFTOKEN=68808106 Distributed Denial of Service attacks are a growing threat to organizations and, as defense mechanisms are becoming more advanced, hackers are aiming at the application layer. For example, application layer Low and Slow Distributed Denial of Service attacks are becoming a serious issue because, due to low resource consumption, they are hard to detect. In this position paper, we propose a reference architecture that mitigates the Low and Slow Distributed Denial of Service attacks by utilizing Software Defined Infrastructure capabilities. We also propose two concrete architectures based on the reference architecture: a Performance Model-Based and an Off-The-Shelf Components-based architecture, respectively. We introduce the Shark Tank concept, a cluster under detailed monitoring that has full application capabilities and where suspicious requests are redirected for further filtering.

    Keywords: Software Defined Network, Low and Slow Distributed Denial of Service (LSDDoS), Application Layer, Cloud
  • Saeed M. Alqahtani, Maqbool Al Balushi, Robert John, “An Intelligent Intrusion Detection System for Cloud Computing (SIDSCC),” CSCI '14 Proceedings of the 2014 International Conference on Computational Science and Computational Intelligence - Volume 02, March 2014, (Pages 135-141). (ID#:14-1647) Available at: http://dl.acm.org/citation.cfm?id=2623763.2623882&coll=DL&dl=GUIDE&CFID=507431191&CFTOKEN=68808106 Cloud computing is a distributed architecture that has shared resources, software, and information. There exist a great number of implementations and research efforts for Intrusion Detection Systems (IDS) in grid and cloud environments; however, they are limited in addressing the requirements for an ideal intrusion detection system. Security issues in Cloud Computing (CC) have become a major concern to its users, availability being one of the key security issues. Distributed Denial of Service (DDoS) is one of these security issues that poses a great threat to the availability of cloud services. The aim of this research is to evaluate the performance of IDS in CC when a DDoS attack is detected in a private cloud, named SaaSCloud. A model has been implemented on three virtual machines: the SaaSCloud Model, the DDoS Attack Model, and the IDSServer Model. Through this implementation, a Service Intrusion Detection System in Cloud Computing (SIDSCC) will be proposed, investigated and evaluated.

    Keywords: IDS, DDoS Attack, ICMP Flood, Cloud Computing, SaaSCloud, IDSServer, SIDSCC
  • Arne Welzel, Christian Rossow, Herbert Bos, “On Measuring The Impact Of DDOS Botnets,” EuroSec '14 Proceedings of the Seventh European Workshop on System Security, April 2014, (Article No. 3). (ID#:14-1648) Available at: http://dl.acm.org/citation.cfm?id=2592791.2592794&coll=DL&dl=GUIDE&CFID=507431191&CFTOKEN=68808106 Miscreants use DDoS botnets to attack a victim via a large number of malware-infected hosts, combining the bandwidth of the individual PCs. Such botnets thus have a high potential to render targeted services unavailable. However, the actual impact of attacks by DDoS botnets has never been evaluated. In this paper, we monitor C&C servers of 14 DirtJumper and Yoddos botnets and record the DDoS targets of these networks. We then aim to evaluate the availability of the DDoS victims, using a variety of measurements such as TCP response times and analyzing the HTTP content. We show that more than 65% of the victims are severely affected by the DDoS attacks, while a few DDoS attacks also likely failed.

    Keywords: DDOS, bots, botnets, security
  • Kazuya Okada, Hiroaki Hazeyama, Youki Kadobayashi, “Oblivious DDoS Mitigation With Locator/ID Separation Protocol,” CFI '14 Proceedings of The Ninth International Conference on Future Internet Technologies, June 2014, (Article No. 8). (ID#:14-1649) Available at: http://dl.acm.org/citation.cfm?id=2619287.2619291&coll=DL&dl=GUIDE&CFID=507431191&CFTOKEN=68808106 The need to keep an attacker oblivious of an attack mitigation effort is a very important component of a defense against denial of service (DoS) and distributed denial of service (DDoS) attacks because it helps to dissuade attackers from changing their attack patterns. Conceptually, DDoS mitigation can be achieved by two components. The first is a decoy server that provides a service function or receives attack traffic as a substitute for a legitimate server. The second is a decoy network that restricts attack traffic to the peripheries of a network, or which reroutes attack traffic to decoy servers. In this paper, we propose the use of a two-stage map table extension to the Locator/ID Separation Protocol (LISP) to realize a decoy network. We also describe and demonstrate how LISP can be used to implement an oblivious DDoS mitigation mechanism by adding a simple extension on the LISP MapServer. Together with decoy servers, this method can terminate DDoS traffic on the ingress end of a LISP-enabled network. We verified the effectiveness of our proposed mechanism through simulated DDoS attacks on a simple network topology. Our evaluation results indicate that the mechanism could be activated within a few seconds, and that the attack traffic can be terminated without incurring overhead on the MapServer.

    Keywords: DoS/DDoS, LISP, mitigation, routing
  • Y. S. Dai, Y. P. Xiang, Y. Pan, “Bionic Autonomic Nervous Systems for Self-Defense against DoS, Spyware, Malware, Virus, and Fishing,” ACM Transactions on Autonomous and Adaptive Systems (TAAS), Volume 9 Issue 1, March 2014, (Article No. 4). (ID#:14-1650) Available at: http://dl.acm.org/citation.cfm?id=2597760.2567924&coll=DL&dl=GUIDE&CFID=507431191&CFTOKEN=68808106 Computing systems and networks are becoming increasingly large and complex, with a variety of compromises and vulnerabilities. Network security and privacy are of great concern today, where self-defense against different kinds of attacks in an autonomous and holistic manner is a challenging topic. To address this problem, we developed an innovative technology called Bionic Autonomic Nervous System (BANS). The BANS is analogous to the biological nervous system, which consists of basic modules like cyber axon, cyber neuron, peripheral nerve and central nerve. We also present an innovative self-defense mechanism which utilizes Fuzzy Logic, Neural Networks, Entropy Awareness, etc. Equipped with the BANS, computer and network systems can intelligently self-defend against both known and unknown compromises/attacks including denial of service (DoS), spyware, malware, and viruses. BANS also enables multiple computers to collaboratively fight against some distributed intelligent attacks like DDoS. We have implemented the BANS in practice. Some case studies and experimental results exhibit the effectiveness and efficiency of the BANS and the self-defense mechanism.

    Keywords: Autonomic computing, artificial intelligence, machine learning, self-defense
  • Anteneh Girma, Moses Garuba, Rojini Goel, “Cloud Computing Vulnerability: DDoS as Its Main Security Threat, and Analysis of IDS as a Solution Model,” ITNG '14 Proceedings of the 2014 11th International Conference on Information Technology: New Generations, April 2014, (Pages 307-312). (ID#:14-1651) Available at: http://dl.acm.org/citation.cfm?id=2634435.2635148&coll=DL&dl=GUIDE&CFID=507431191&CFTOKEN=68808106 Cloud computing has emerged as an increasingly popular means of delivering IT-enabled business services and a potential technology resource choice for many private and government organizations in today's rapidly changing computing environment. Consequently, as cloud computing technology, functionality and usability expand, unique security vulnerabilities and threats requiring timely attention arise continuously. The primary challenge is providing continuous service availability. This paper will address cloud security vulnerability issues, the threats propagated by a distributed denial of service (DDOS) attack on cloud computing infrastructure, and also discuss the means and techniques that could detect and prevent the attacks.

    Keywords: Cloud, DDoS, IDS, Security, Vulnerability
  • Foroushani, Vahid Aghaei; Zincir-Heywood, A. Nur, "TDFA: Traceback-Based Defense against DDoS Flooding Attacks," Advanced Information Networking and Applications (AINA), 2014 IEEE 28th International Conference on, vol., no., pp. 597-604, 13-16 May 2014. (ID#:14-1652) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6838719&isnumber=6838626 Distributed Denial of Service (DDoS) attacks are one of the challenging network security problems to address. The existing defense mechanisms against DDoS attacks usually filter the attack traffic at the victim side. The problem is exacerbated when there are spoofed IP addresses in the attack packets. In this case, even if the attacking traffic can be filtered by the victim, the attacker may reach the goal of blocking access to the victim by consuming the computing resources or by consuming a big portion of the bandwidth to the victim. This paper proposes a Traceback-based Defense against DDoS Flooding Attacks (TDFA) approach to counter this problem. TDFA consists of three main components: Detection, Traceback, and Traffic Control. In this approach, the goal is to place the packet filtering as close to the attack source as possible. In doing so, the traffic control component at the victim side aims to set up a limit on the packet forwarding rate to the victim. This mechanism effectively reduces the rate of forwarding the attack packets and therefore improves the throughput of the legitimate traffic. Our results based on real world data sets show that TDFA is effective in reducing the attack traffic and defending the quality of service for the legitimate traffic.

    Keywords: Bandwidth; Computer crime; Filtering; IP networks; Image edge detection; Internet; Protocols; DDoS Attack; Deterministic Flow Marking; IP Traceback; Packet Filtering; Traffic Control
  • Cepheli, Ozge; Buyukcorak, Salina; Kurt, Gunes Karabulut, "User behaviour modelling based DDoS attack detection," Signal Processing and Communications Applications Conference (SIU), 2014 22nd, vol., no., pp. 2186-2189, 23-25 April 2014. (ID#:14-1653) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830697&isnumber=6830164 Distributed Denial of Service (DDoS) attacks are one of the most important threats in network systems. Due to their distributed nature, DDoS attacks are very hard to detect, while they also have the destructive potential of classical denial of service attacks. In this study, a novel 2-step system is proposed for the detection of DDoS attacks. In the first step an anomaly detection is performed on the destination IP traffic. If an anomaly is detected on the network, the system proceeds into the second step, where a decision on every user is made based on the behaviour models. Hence, it is possible to detect attacks in the network that diverge from the users' behaviour model.

    Keywords: Adaptation models; Computer crime; Conferences; IP networks; Mathematical model; Signal processing; DDoS; EM; expectation maximization; user modeling
  • Anwar, Z.; Malik, A.W., "Can A DDoS Attack Meltdown my Data Center? A Simulation Study and Defense Strategies," Communications Letters, IEEE, vol. PP, no. 99, pp. 1-1, June 2014. (ID#:14-1654) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6825828&isnumber=5534602 The goal of this research is to explore the extent to which the vulnerabilities plaguing the Internet, particularly susceptibility to distributed denial-of-service (DDoS) attacks, impact the Cloud. DDoS has been known to disrupt Cloud services, but could it do worse by permanently damaging server and switch hardware? Services are hosted in data centers with thousands of servers generating large amounts of heat. Heating, Ventilation and Air-Conditioning (HVAC) systems prevent server downtime due to overheating. These are managed remotely using network management protocols that are susceptible to network attacks. Recently Cloud providers experienced outages due to HVAC malfunctions. Our contributions include a network simulation to study the feasibility of such an attack, motivated by our experiences of such a security incident in a real data center. It demonstrates how a network simulator can study the interplay of the communication and thermal properties of a network and help prevent the Cloud provider’s worst nightmare: meltdown of the data center as a result of a DDoS attack.

    Keywords: (not provided) 
  • Luo, J.; Yang, X.; Wang, J.; Xu, J.; Sun, J.; Long, K., "On a Mathematical Model for Low-Rate Shrew DDoS," Information Forensics and Security, IEEE Transactions on, vol. 9, no. 7, pp. 1069-1083, July 2014. (ID#:14-1655) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6807757&isnumber=6819111 The shrew distributed denial of service (DDoS) attack is very detrimental for many applications, since it can throttle TCP flows to a small fraction of their ideal rate at very low attack cost. Earlier works mainly focused on empirical studies of defending against the shrew DDoS, and very few of them provided analytic results about the attack itself. In this paper, we propose a mathematical model for estimating the attack effect of this stealthy type of DDoS. By originally capturing the adjustment behaviors of the victim TCP's congestion window, our model can comprehensively evaluate the combined impact of attack pattern (i.e., how the attack is configured) and network environment on attack effect (the existing models failed to consider the impact of network environment). Hence, our model has higher accuracy over a wider range of network environments. The relative error of our model remains around 10% for most attack patterns and network environments, whereas the relative error of the benchmark model in previous works has a mean value of 69.57%, and it could be more than 180% in some cases. More importantly, our model reveals some novel properties of the shrew attack from the interaction between attack pattern and network environment, such as the minimum cost formula to launch a successful attack, and the maximum effect formula of a shrew attack. With them, we are able to find out how to adaptively tune the attack parameters (e.g., the DoS burst length) to improve its attack effect in a given network environment, and how to reconfigure the network resource (e.g., the bottleneck buffer size) to mitigate the shrew DDoS with a given attack pattern. Finally, based on our theoretical results, we put forward a simple strategy to defend against the shrew attack. The simulation results indicate that this strategy can remarkably increase TCP throughput by nearly half of the bottleneck bandwidth (and can be higher) for general attack patterns.

    Keywords: Adaptation models; Bandwidth; Computer crime; Delays; Mathematical model; Packet loss; Throughput; Attack effect; low-rate distributed denial of service (DDoS) attack; mathematical model; shrew attack
  • Geva, M.; Herzberg, A.; Gev, Y., "Bandwidth Distributed Denial of Service: Attacks and Defenses," Security & Privacy, IEEE, vol. 12, no. 1, pp. 54-61, Jan.-Feb. 2014. (ID#:14-1656) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6519235&isnumber=6756734 The Internet is vulnerable to bandwidth distributed denial-of-service (BW-DDoS) attacks, wherein many hosts send a huge number of packets to cause congestion and disrupt legitimate traffic. So far, BW-DDoS attacks have employed relatively crude, inefficient, brute force mechanisms; future attacks might be significantly more effective and harmful. To meet the increasing threats, we must deploy more advanced defenses.

    Keywords: Internet; computer network security; BW-DDoS attacks; BW-DDoS defense; Internet; bandwidth distributed denial-of-service; brute force mechanisms; legitimate traffic; network congestion; Bandwidth; Computer crime; Computer security; IP networks; Routing protocols; Servers; DDoS; DoS; DoS attacks; DoS mitigation; bandwidth flooding; denial of service
  • Fachkha, Claude; Bou-Harb, Elias; Debbabi, Mourad, "Fingerprinting Internet DNS Amplification DDoS Activities," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, vol., no., pp. 1-5, March 30 2014-April 2 2014. (ID#:14-1657) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814019&isnumber=6813963 This work proposes a novel approach to infer and characterize Internet-scale DNS amplification DDoS attacks by leveraging the darknet space. Complementary to the pioneering work on inferring Distributed Denial of Service (DDoS) using darknet, this work shows that we can extract DDoS activities without relying on backscatter analysis. The aim of this work is to extract cyber security intelligence related to DNS Amplification DDoS activities such as detection period, attack duration, intensity, packet size, rate and geo-location, in addition to various network-layer and flow-based insights. To achieve this task, the proposed approach exploits certain DDoS parameters to detect the attacks. We empirically evaluate the proposed approach using 720 GB of real darknet data collected from a /13 address space during a recent three-month period. Our analysis reveals that the approach was successful in inferring significant DNS amplification DDoS activities, including the recent prominent attack that targeted one of the largest anti-spam organizations. Moreover, the analysis disclosed the mechanism of such DNS amplification DDoS attacks. Further, the results uncover high-speed and stealthy attempts that were never previously documented. The case study of the largest DDoS attack in history led to a better understanding of the nature and scale of this threat and can generate inferences that could contribute to detecting, preventing, assessing, mitigating and even attributing DNS amplification DDoS activities.

    Keywords: (not provided) 
  • Hammi, Badis; Khatoun, Rida; Doyen, Guillaume, "A Factorial Space for a System-Based Detection of Botcloud Activity," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, vol., no., pp. 1-5, March 30 2014-April 2 2014. (ID#:14-1658) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6813996&isnumber=6813963 Today, beyond legitimate usage, the numerous advantages of cloud computing are exploited by attackers, and Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. Such a phenomenon is a major issue since it strongly increases the power of distributed massive attacks while involving the responsibility of cloud service providers that do not own appropriate solutions. In this paper, we present an original approach that enables a source-based detection of UDP-flood DDoS attacks based on a distributed system behavior analysis. Based on a principal component analysis, our contribution consists in: (1) defining the involvement of system metrics in a botcloud's behavior, (2) showing the invariability of the factorial space that defines a botcloud activity and (3) among several legitimate activities, using this factorial space to enable a botcloud detection.

    Keywords: (not provided)
  • Badis, Hammi; Doyen, Guillaume; Khatoun, Rida, "Understanding botclouds from a system perspective: A principal component analysis," Network Operations and Management Symposium (NOMS), 2014 IEEE, vol., no., pp. 1-9, 5-9 May 2014. (ID#:14-1659) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6838310&isnumber=6838210 Cloud computing is gaining ground and becoming one of the fastest growing segments of the IT industry. However, while its numerous advantages are mainly used to support legitimate activity, it is now exploited for a use it was not meant for: malicious users leverage its power and fast provisioning to turn it into an attack support. Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use since they can be set up on demand and at very large scale without requiring a long dissemination phase or expensive deployment costs. For cloud service providers, preventing their infrastructure from being turned into an Attack as a Service delivery model is very challenging since it requires detecting threats at the source, in a highly dynamic and heterogeneous environment. In this paper, we present the result of an experiment campaign we performed in order to understand the operational behavior of a botcloud used for a DDoS attack. The originality of our work resides in the consideration of system metrics that, while never considered for state-of-the-art botnet detection, can be leveraged in the context of a cloud to enable a source-based detection. Our study considers both attacks based on TCP-flood and UDP-storm and, for each of them, we provide statistical results based on a principal component analysis that highlight the recognizable behavior of a botcloud as compared to other legitimate workloads.

    Keywords: Cloud computing; Computer crime; Context; Correlation; Measurement; Principal component analysis; Storms
  • Maheshwari, R.; Krishna, C.R.; Brahma, M.S., "Defending network system against IP spoofing based distributed DoS attacks using DPHCF-RTT packet filtering technique," Issues and Challenges in Intelligent Computing Techniques (ICICT), 2014 International Conference on, vol., no., pp. 206-209, 7-8 Feb. 2014. (ID#:14-1660) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6781280&isnumber=6781240 An IP spoofing based DDoS attack relies on multiple compromised hosts in the network to attack the victim. In IP spoofing, IP addresses can be forged easily, which makes it difficult to filter illegitimate packets from legitimate ones out of aggregated traffic. A number of mitigation techniques have been proposed in the literature by various researchers. The conventional Hop Count Filtering or probabilistic Hop Count Filtering based research work indicates the problems related to higher computational time and low detection rate of illegitimate packets. In this paper, the DPHCF-RTT technique has been implemented and analysed for a variable number of hops. The goal is to improve on the limitations of Conventional HCF or Probabilistic HCF techniques by maximizing the detection rate of illegitimate packets and reducing the computation time. It is based on distributed probabilistic HCF using RTT. It has been used in an intermediate system. It has the advantage of resolving the problems of network bandwidth jam and host resource exhaustion. MATLAB 7 has been used for simulations. Mitigation of DDoS attacks has been done through the DPHCF-RTT technique. It has shown a maximum detection rate of up to 99% of malicious packets.

    Keywords: IP networks; computer network security; information filtering; DPHCF-RTT packet filtering technique; IP addresses; IP spoofing; MATLAB 7; conventional HCF techniques; conventional hop count filtering; distributed DoS attacks; distributed probabilistic HCF; host resources exhaustion; illegitimate packet filtering; mitigation techniques; network bandwidth jam; probabilistic HCF techniques; probabilistic hop count filtering; Broadband communication; Educational institutions; IP networks; Probabilistic logic; Receivers; Servers; DDoS; Distributed Probabilistic HCF (DPHCF); Hop Count; Hop Count Filtering (HCF); Intermediate System; Packet Filtering; Round Trip Time (RTT); TTL
  • Katkar, Vijay D.; Bhatia, Deepti S., "Lightweight approach for detection of denial of service attacks using numeric to binary preprocessing," Circuits, Systems, Communication and Information Technology Applications (CSCITA), 2014 International Conference on, vol., no., pp. 207-212, 4-5 April 2014. (ID#:14-1661) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6839260&isnumber=6839219 Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks exhaust the resources of a server/service and make it unavailable for legitimate users. With increasing use of online services and attacks on these services, the importance of Intrusion Detection Systems (IDS) for detection of DoS/DDoS attacks has also grown. Detection accuracy and CPU utilization of a data mining based IDS are directly proportional to the quality of the training dataset used to train it. Various preprocessing methods like normalization, discretization, and fuzzification are used by researchers to improve the quality of the training dataset. This paper evaluates the effect of various data preprocessing methods on the detection accuracy of a DoS/DDoS attack detection IDS and proves that the numeric to binary preprocessing method performs better than other methods. Experimental results obtained using the KDD 99 dataset are provided to support the efficiency of the proposed combination.

    Keywords: Data Preprocessing; Denial of Service attacks; Intrusion Detection Systems; Numeric to Binary preprocessing

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.