40 research outputs found

    A Note on Implementing Recurrence Quantification Analysis for Network Anomaly Detection

    This paper deals with network anomaly detection based on the analysis of non-stationary properties that occur in aggregated IP traffic flows. We use recurrence quantification analysis (RQA), a mathematical nonlinear technique, to achieve this task. The objective is to model the standard network traffic and report any deviation from it. We create a baseline from which we derive the RQA parameters. Using these parameters we explore the hidden recurrence patterns in the network traffic. Further, the detection is analysed using a support vector machine to classify the deviations from the regular traffic. Experiments are conducted on Vellore Institute of Technology University campus network traffic data to validate the model. Defence Science Journal, 2012, 62(2), pp. 112-116, DOI: http://dx.doi.org/10.14429/dsj.62.117

    Effective Detection and Prevention of DDoS Based on Big Data-MapReduce

    Distributed Denial of Service (DDoS) attacks, large-scale cooperative attacks launched from a large number of compromised hosts called zombies, are a major threat to Internet services. As the serious damage caused by DDoS attacks increases, rapid detection and proper response mechanisms are urgently needed. However, existing security methodologies do not provide an effective defense against these attacks, or the defense capability of some mechanisms is limited to specific DDoS attacks. Therefore, keeping this problem in view, the author presents various significant areas where data mining techniques seem to be a strong candidate for detecting and preventing DDoS attacks. The newly proposed methodology can detect and prevent DDoS attacks using MapReduce concepts in Big Data. Thus the methodology can be implemented for both detection and prevention.

    A Comparison Between Divergence Measures for Network Anomaly Detection

    This paper deals with the detection of flooding attacks, which are the most common type of Denial of Service (DoS) attacks. We compare two divergence measures (Hellinger distance and Chi-square divergence) to analyze their detection accuracy. The performance of these statistical divergence measures is investigated in terms of true positive and false alarm ratio. A particular focus is on how to use these measures over the Sketch data structure, and which measure provides the best detection accuracy. We conduct performance analysis over publicly available real IP traces (MAWI) collected from the WIDE backbone network. Our experimental results show that Chi-square divergence outperforms Hellinger distance in network anomaly detection.

    EWMA Based Threshold Algorithm for Intrusion Detection

    Intrusion detection is used to monitor and capture intrusions into computer and network systems which attempt to compromise their security. Many intrusions manifest as dramatic changes in the intensity of events occurring in computer networks. Because of the ability of exponentially weighted moving average control charts to monitor the rate of occurrence of events based on their intensity, this technique is appropriate for implementation in threshold-based algorithms.

    Countering Denial-of-Service Attacks on the Internet: A Concept of the Approach

    This work is devoted to the study of one type of intrusion over the Internet: denial-of-service attacks. The history of the problem and the reasons for its emergence are described. A review of existing attack types is carried out. The general architecture of a system for protection against denial-of-service attacks is considered. A model for countering attacks based on intelligent-agent technology and game theory is proposed. This work deals with denial of service attacks. The paper proposes a historical overview of existing attacks and methods of attack detection. Intrusion detection system (IDS) architecture is investigated. We propose a novel agent-based distributed system, which integrates the desirable features provided by the distributed agent-based design methodology with game theory.

    Towards real-time intrusion detection for NetFlow and IPFIX

    DDoS attacks bring serious economic and technical damage to networks and enterprises. Timely detection and mitigation are therefore of great importance. However, when flow monitoring systems are used for intrusion detection, as is often the case in campus, enterprise and backbone networks, timely data analysis is constrained by the architecture of NetFlow and IPFIX. In their current architecture, the analysis is performed after certain timeouts, which generally delays intrusion detection by several minutes. This paper presents a functional extension for both NetFlow and IPFIX flow exporters to allow for timely intrusion detection and mitigation of large flooding attacks. The contribution of this paper is threefold. First, we integrate a lightweight intrusion detection module into a flow exporter, which moves detection closer to the traffic observation point. Second, our approach mitigates attacks in near real-time by instructing firewalls to filter malicious traffic. Third, we filter flow data of malicious traffic to prevent flow collectors from overload. We validate our approach by means of a prototype that has been deployed on a backbone link of the Czech national research and education network CESNET.
