    Detection of denial-of-service attacks based on computer vision techniques

    University of Technology, Sydney. Faculty of Engineering and Information Technology. A Denial-of-Service (DoS) attack is an intrusive attempt, which aims to force a designated resource (e.g., network bandwidth, processor time or memory) to be unavailable to its intended users. This attack is launched either by deliberately exploiting system vulnerabilities of a victim (e.g., a host, a router, or an entire network) or by flooding a victim with a large volume of useless network traffic. Since the 1990s, DoS attacks have emerged as one of the most severe types of network intrusive behaviour and have posed serious threats to the infrastructures of computer networks and various network-based services. This thesis aims to provide an intelligent and effective solution for DoS attack detection. Unlike the related works based on machine learning and statistical analysis, this thesis suggests treating network traffic records as images and redefining the DoS attack detection problem as a computer vision task. To achieve the aforementioned objectives, this thesis first conducts a detailed literature review on the state of the art in DoS attack detection. Then, it analyses and chooses the most appropriate mechanisms for DoS attack detection. Afterwards, it designs a general system framework for DoS attack detection with respect to the chosen mechanisms. Furthermore, two Multivariate Correlation Analysis (MCA) approaches are proposed based on two techniques, namely Euclidean distance and triangle area. These two proposed MCA approaches provide an accurate description of network traffic records and facilitate conversion of network traffic into the respective images. In addition, this thesis proposes a DoS attack detection system, in which the images of network traffic serve as the observed objects and the task of DoS attack detection is reformulated as a computer vision problem, namely image retrieval.
This proposed DoS attack detection system applies a widely used dissimilarity measure, namely the Earth Mover’s Distance (EMD), to object classification. The EMD takes cross-bin matching into account and provides a more accurate evaluation of the dissimilarity between distributions than some other well-known dissimilarity measures, such as the Minkowski-form distance Lp and χ² statistics. The merits of the EMD equip our proposed system with effective detection capability. Last but not least, our intelligent and effective solutions, including the two proposed MCA approaches and the EMD-based DoS attack detection system, are evaluated using the KDD Cup 99 dataset. The evaluation results illustrate that our proposed MCA approaches provide accurate characterisation of network traffic, and that the proposed detection system can detect unknown DoS attacks and outperforms two state-of-the-art approaches.

    A system based on Naive Bayesian for Denial-Of-Service Attack detection

    Denial-of-service (DoS) attacks have a serious effect on systems. For the most accurate network traffic characterization, the attack detection system uses multivariate correlation analysis (MCA). It extracts the geometrical correlations between network traffic features. The MCA-based system follows the principle of anomaly-based detection in attack recognition. MCA makes it easy to detect known and unknown types of DoS attacks by simply observing the legitimate network traffic patterns. MCA uses the Triangle Area Map (TAM) technique to speed up the multivariate correlation analysis process. The proposed system can be evaluated using the KDD Cup 99 dataset. A Naive Bayes (NBS) classifier is used for attack detection. This algorithm addresses the problem of classifying the large intrusion detection dataset, which improves the detection rates and reduces the false positives to an acceptable level in intrusion detection. It is a probabilistic classifier based on applying Bayes' theorem. The proposed DoS attack detection system achieved the highest accuracy compared to RBFN and IBK. 99.96% accuracy is achieved by the intrusion detection system. The proposed detection system gives a very low false positive rate of about 0.002%, which helps to increase the performance of the detection system. Compared to RBFN and IBK, the Naive Bayes classifier gives a very low false positive rate, which helps to increase the performance of the detection system.

    Denial-of-service attack detection based on multivariate correlation analysis

    The reliability and availability of network services are being threatened by the growing number of Denial-of-Service (DoS) attacks. Effective mechanisms for DoS attack detection are in demand. Therefore, we propose a multivariate correlation analysis approach to investigate and extract second-order statistics from the observed network traffic records. These second-order statistics extracted by the proposed analysis approach can provide important correlative information hidden among the features. By making use of this hidden information, the detection accuracy can be significantly enhanced. The effectiveness of the proposed multivariate correlation analysis approach is evaluated on the KDD CUP 99 dataset. The evaluation shows encouraging results, with an average 99.96% detection rate and 2.08% false positive rate. Comparisons also show that our multivariate correlation analysis based detection approach outperforms some other current research in detecting DoS attacks. © 2011 Springer-Verlag

    An intrusion detection system based on polynomial feature correlation analysis

    © 2017 IEEE. This paper proposes an anomaly-based Intrusion Detection System (IDS), which flags anomalous network traffic with a distance-based classifier. A polynomial approach was designed and applied in this work to extract hidden correlations from traffic-related statistics in order to provide distinguishing features for detection. The proposed IDS was evaluated using the well-known KDD Cup 99 data set. Evaluation results show that the proposed system achieved better detection rates on the KDD Cup 99 data set in comparison with two other state-of-the-art detection schemes. Moreover, the computational complexity of the system has been analysed in this paper and is shown to be similar to that of the two state-of-the-art schemes.