Abstract
In the past few years, the Internet has experienced rapid growth in both users and services, which has led to an increase in different types of cyber-crime. One of the most important is the Distributed Denial of Service (DDoS) attack, in which an attacker uses many isolated hosts to exhaust a system's resources and make it shut down. The importance of the problem is evident from the large number of works in the literature that try to detect and prevent such attacks. In the current paper, a novel method based on a data mining technique is introduced in order to warn the network administrator early of a potential DDoS attack. The method uses the advanced All Repeated Patterns Detection (ARPaD) algorithm, which detects all repeated patterns in a sequence. The proposed method can give very fast results regarding all IP prefixes in a sequence of hits and can therefore warn the network administrator if a potential DDoS attack is under development. Several experiments have shown the importance of the method for DDoS detection, since it can detect a potential DDoS attack at its beginning, before it affects the system.
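The abstract describes the core idea only at a high level: treat the sequence of hits as a string, find every repeated pattern in it, and watch for IP prefixes that start to recur. The following is an added example written for this page, not the authors' ARPaD implementation: it stands in for ARPaD with a naive suffix array plus a Kasai LCP array, aligns the repeated patterns to address boundaries so that each one is an IP prefix of one to four octets, and flags prefixes that account for a large share of the window. The hit sequence uses constructed addresses from the RFC 5737 documentation ranges, and the share threshold and minimum prefix length are assumptions.

```python
"""
Added example, not the authors' ARPaD implementation: find every repeated
IP prefix in a window of hits with a suffix array plus an LCP array, then
flag prefixes that dominate the window. The sample hits are constructed
(RFC 5737 documentation ranges) and the thresholds are assumptions.
"""

# Constructed sample window: one /24 starts to dominate the hit sequence.
SAMPLE_HITS = [
    "203.0.113.7", "198.51.100.4", "203.0.113.9", "192.0.2.1",
    "203.0.113.12", "203.0.113.7", "198.51.100.8", "203.0.113.30",
    "203.0.113.31", "203.0.113.7", "203.0.113.40", "192.0.2.9",
]

TOKEN = 16                               # 15 chars of padded address + 1 separator
PREFIX_LEN = {1: 3, 2: 7, 3: 11, 4: 15}  # octets covered -> characters of the token


def pad_ip(ip):
    """Zero-pad each octet so every address becomes a fixed-width 15-char token."""
    return ".".join(f"{int(o):03d}" for o in ip.split("."))


def unpad(prefix):
    """Turn a padded prefix such as '203.000.113' back into '203.0.113'."""
    return ".".join(str(int(o)) for o in prefix.split("."))


def build_suffix_array(s):
    """Naive O(n^2 log n) construction; fine for a window, not for production."""
    return sorted(range(len(s)), key=lambda i: s[i:])


def lcp_kasai(s, sa):
    """lcp[r] = length of the common prefix of suffixes sa[r-1] and sa[r] (Kasai)."""
    n = len(s)
    rank = [0] * n
    for r, i in enumerate(sa):
        rank[i] = r
    lcp = [0] * n
    h = 0
    for i in range(n):
        if rank[i] == 0:
            h = 0
            continue
        j = sa[rank[i] - 1]
        while i + h < n and j + h < n and s[i + h] == s[j + h]:
            h += 1
        lcp[rank[i]] = h
        if h:
            h -= 1
    return lcp


def repeated_prefixes(hits):
    """Map every IP prefix (1..4 octets) that occurs at least twice to its hit count.

    Suffixes that start at an address boundary are visited in suffix-array
    order, so addresses sharing a prefix are contiguous; the running minimum
    of the LCP array says how many leading characters two such suffixes share.
    """
    seq = "".join(pad_ip(h) + "|" for h in hits)
    sa = build_suffix_array(seq)
    lcp = lcp_kasai(seq, sa)
    runs = {L: None for L in PREFIX_LEN.values()}  # L -> [padded prefix, count]
    found = {}

    def close(L):
        run = runs[L]
        if run is not None and run[1] >= 2:      # only repeated patterns matter
            found[unpad(run[0])] = run[1]
        runs[L] = None

    prev_seen = False
    running = 0
    for r, i in enumerate(sa):
        running = min(running, lcp[r]) if prev_seen else 0
        if i % TOKEN != 0:
            continue                             # not the start of an address
        for L in PREFIX_LEN.values():
            if prev_seen and running >= L:
                runs[L][1] += 1                  # same prefix as previous address
            else:
                close(L)
                runs[L] = [seq[i:i + L], 1]      # start a new prefix run
        prev_seen = True
        running = float("inf")
    for L in PREFIX_LEN.values():
        close(L)
    return found


def ddos_candidates(hits, share=0.5, min_octets=2):
    """Prefixes of at least min_octets octets that account for >= share of the hits."""
    total = len(hits)
    return sorted((p, c) for p, c in repeated_prefixes(hits).items()
                  if p.count(".") + 1 >= min_octets and c / total >= share)


if __name__ == "__main__":
    for prefix, count in ddos_candidates(SAMPLE_HITS):
        print(f"warning: {prefix} accounts for {count}/{len(SAMPLE_HITS)} hits")
```

On the constructed window the sweep reports 203.0 and 203.0.113 as covering 8 of 12 hits, while the individual address 203.0.113.7 repeats only 3 times; an early-warning rule keyed on prefixes rather than single sources is what lets a distributed attack show up before any one host becomes conspicuous. In practice the window would be a sliding one over recent hits and the share threshold tuned against the site's normal traffic mix.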
Keywords
- Association Rule Mining
- Data Mining Technique
- Pattern Detection
- Network Administrator
- Anomaly Detection Method
© 2014 IFIP International Federation for Information Processing
Cite this paper
Xylogiannopoulos, K., Karampelas, P., Alhajj, R. (2014). Early DDoS Detection Based on Data Mining Techniques. In: Naccache, D., Sauveron, D. (eds) Information Security Theory and Practice. Securing the Internet of Things. WISTP 2014. Lecture Notes in Computer Science, vol 8501. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43826-8_15
DOI: https://doi.org/10.1007/978-3-662-43826-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43825-1
Online ISBN: 978-3-662-43826-8