Detection of Denial of Service Attacks against Domain Name System Using Neural Networks

Along with the explosive growth of the Internet, the demand for efficient and secure Internet Infrastructure has been increasing. For the entire chain of Internet connectivity the Domain Name System (DNS) provides name to address mapping services. Hackers exploit this fact to damage different parts of Internet. In order to prevent this system from different types of attacks, we need to prepare a classification of possible security threats against DNS. This dissertation focuses on Denial of Service (DoS) attacks as the major security issue during last years, and gives an overview of techniques used to discover and analyze them. The process of detection and classification of DoS against DNS has been presented in two phases in our model. The proposed system architecture consists of a statistical pre-processor and a machine learning engine. The first step in our work was to generate the DNS traffic in normal and attack situations for using as the input of our intrusion detection system (IDS). With the prior knowledge of DoS attacks against DNS, we used a network simulator to model DNS traffic with high variability. Therefore, the difficulty of creating different scenarios of attacks in a real environment has been decreased. The pre-processor, processes the collected data statistically and derives the final variable values. These parameters are the inputs of the detector engine. In the current research for our machine learning engine, we aimed to find the optimum machine learning algorithm to be used as an IDS. The performance of our system was measured in terms of detection rate, accuracy, and false alarm rate. The results indicated that the three layered back propagation neural network with a 3-7-3 structure provides a detection rate of 99.55% for direct DoS attacks and 97.82% for amplification DoS attacks. It can give us 99% accuracy and an acceptable false alarm rate of 0.28% comparing to other types of classifiers

Intelligent network intrusion detection using an evolutionary computation approach

With the enormous growth of users\u27 reliance on the Internet, the need for secure and reliable computer networks also increases. Availability of effective automatic tools for carrying out different types of network attacks raises the need for effective intrusion detection systems. Generally, a comprehensive defence mechanism consists of three phases, namely, preparation, detection and reaction. In the preparation phase, network administrators aim to find and fix security vulnerabilities (e.g., insecure protocol and vulnerable computer systems or firewalls), that can be exploited to launch attacks. Although the preparation phase increases the level of security in a network, this will never completely remove the threat of network attacks. A good security mechanism requires an Intrusion Detection System (IDS) in order to monitor security breaches when the prevention schemes in the preparation phase are bypassed. To be able to react to network attacks as fast as possible, an automatic detection system is of paramount importance. The later an attack is detected, the less time network administrators have to update their signatures and reconfigure their detection and remediation systems. An IDS is a tool for monitoring the system with the aim of detecting and alerting intrusive activities in networks. These tools are classified into two major categories of signature-based and anomaly-based. A signature-based IDS stores the signature of known attacks in a database and discovers occurrences of attacks by monitoring and comparing each communication in the network against the database of signatures. On the other hand, mechanisms that deploy anomaly detection have a model of normal behaviour of system and any significant deviation from this model is reported as anomaly. This thesis aims at addressing the major issues in the process of developing signature based IDSs. These are: i) their dependency on experts to create signatures, ii) the complexity of their models, iii) the inflexibility of their models, and iv) their inability to adapt to the changes in the real environment and detect new attacks. To meet the requirements of a good IDS, computational intelligence methods have attracted considerable interest from the research community. This thesis explores a solution to automatically generate compact rulesets for network intrusion detection utilising evolutionary computation techniques. The proposed framework is called ESR-NID (Evolving Statistical Rulesets for Network Intrusion Detection). Using an interval-based structure, this method can be deployed for any continuous-valued input data. Therefore, by choosing appropriate statistical measures (i.e. continuous-valued features) of network trafc as the input to ESRNID, it can effectively detect varied types of attacks since it is not dependent on the signatures of network packets. In ESR-NID, several innovations in the genetic algorithm were developed to keep the ruleset small. A two-stage evaluation component in the evolutionary process takes the cooperation of rules into consideration and results into very compact, easily understood rulesets. The effectiveness of this approach is evaluated against several sources of data for both detection of normal and abnormal behaviour. The results are found to be comparable to those achieved using other machine learning methods from both categories of GA-based and non-GA-based methods. One of the significant advantages of ESR-NIS is that it can be tailored to specific problem domains and the characteristics of the dataset by the use of different fitness and performance functions. This makes the system a more flexible model compared to other learning techniques. Additionally, an IDS must adapt itself to the changing environment with the least amount of configurations. ESR-NID uses an incremental learning approach as new flow of traffic become available. The incremental learning approach benefits from less required storage because it only keeps the generated rules in its database. This is in contrast to the infinitely growing size of repository of raw training data required for traditional learning

Hierarchical architecture as a new approach for building web applications

Controlling and testing a large scale web application is a time consuming and expensive job because of the huge number of pages and their actions. The hierarchical architecture proposed in this paper is a framework which can decreases nested relations between web pages. We can also use different programming methods like object oriented or structured over this model. One of the most important advantages of this architecture is increasing the control and security of the application in its different layers. This architecture also eases adding new modules to the main body of the program and software maintenance

Detection of denial of service attacks against domain name system using neural networks

In this paper we introduce an intrusion detection system for Denial of Service (DoS) attacks against Domain Name System (DNS). Our system architecture consists of two most important parts: a statistical preprocessor and a neural network classifier. The preprocessor extracts required statistical features in a shorttime frame from traffic received by the target name server. We compared three different neural networks for detecting and classifying different types of DoS attacks. The proposed system is evaluated in a simulated network and showed that the best performed neural network is a feed-forward backpropagation with an accuracy of 99%

Les Infections oculaires externes du chien (essai thérapeutique d'un collyre à la gentamicine : étude comparée avec un collyre associant néomycine et polymixine B)

LYON1-BU Santé (693882101) / SudocSudocFranceF