Abstract
(Distributed) Denial of Service (DoS/DDoS) attacks have become the main devastating threats to web services, and Probing attacks are generally the preliminary steps of DoS/DDoS attacks. To achieve the aim of information assurance, this paper proposes an intrusion detection mechanism based on the Vector Quantization (VQ) technique for countering DoS/DDoS and Probing attacks. The normal network traffic usage profile is modeled and represented by the VQ codebook, against which the deviation of abnormal TCP traffic behavior can be measured quantitatively. In data processing, we implement a novel feature extraction of TCP flow state according to the characteristics of DoS/DDoS and Probing attacks. We apply the detection mechanism to the DARPA Intrusion Detection Evaluation Data Set. The results show that the network attacks are detected with more efficiency and relatively low false alarms.
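The codebook idea in the abstract, as an added sketch that is not the paper's code: a codebook is trained on normal windows only, and a window's distance to its nearest codeword is the anomaly score. The four flow-state features, the generalized Lloyd training with farthest-point seeding, the threshold rule and all sample data are assumptions, since the abstract specifies none of them.

```python
import math
import random

def nearest(codebook, v):
    """Return (index, distortion) of the codeword closest to v (Euclidean)."""
    return min(((i, math.dist(c, v)) for i, c in enumerate(codebook)),
               key=lambda t: t[1])

def train_codebook(vectors, k, iters=25):
    """Design a k-codeword codebook with generalized Lloyd iterations."""
    # Farthest-point seeding (assumption) so every traffic regime gets a codeword.
    codebook = [list(vectors[0])]
    while len(codebook) < k:
        codebook.append(list(max(vectors, key=lambda v: nearest(codebook, v)[1])))
    for _ in range(iters):
        cells = [[] for _ in range(k)]
        for v in vectors:
            cells[nearest(codebook, v)[0]].append(v)
        for i, cell in enumerate(cells):
            if cell:  # an empty cell keeps its previous codeword
                codebook[i] = [sum(col) / len(cell) for col in zip(*cell)]
    return codebook

def fit_threshold(codebook, vectors, margin=1.5):
    """Alarm threshold: worst distortion seen on normal traffic, times a margin."""
    return margin * max(nearest(codebook, v)[1] for v in vectors)

def is_anomalous(codebook, threshold, v):
    return nearest(codebook, v)[1] > threshold

def constructed_normal_windows(n=200, seed=1):
    """Constructed sample data, one row per time window:
    [half-open (SYN only), established, reset (RST), closed (FIN)] flow counts."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        est = rng.choice([20, 80]) + rng.gauss(0, 3)  # quiet or busy period
        rows.append([0.05 * est + rng.random(), est,
                     0.02 * est + rng.random(), 0.9 * est + rng.gauss(0, 2)])
    return rows

NORMAL = constructed_normal_windows()
CODEBOOK = train_codebook(NORMAL, k=4)
THRESHOLD = fit_threshold(CODEBOOK, NORMAL)
SYN_FLOOD = [400.0, 25.0, 3.0, 20.0]  # constructed: flood of half-open flows
PORT_SCAN = [60.0, 5.0, 150.0, 2.0]   # constructed: resets from closed ports
BUSY_OK = [4.0, 79.0, 2.0, 71.0]      # constructed: ordinary busy window

if __name__ == "__main__":
    for name, w in [("syn_flood", SYN_FLOOD), ("port_scan", PORT_SCAN), ("busy", BUSY_OK)]:
        print(name, round(nearest(CODEBOOK, w)[1], 1), is_anomalous(CODEBOOK, THRESHOLD, w))
```

The margin trades detection sensitivity against false alarms: a value near 1 flags any window slightly outside the training envelope, while a larger value tolerates more drift in normal traffic.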
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zheng, J., Hu, Mz. (2005). Intrusion Detection of DoS/DDoS and Probing Attacks for Web Services. In: Fan, W., Wu, Z., Yang, J. (eds) Advances in Web-Age Information Management. WAIM 2005. Lecture Notes in Computer Science, vol 3739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11563952_30
DOI: https://doi.org/10.1007/11563952_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29227-2
Online ISBN: 978-3-540-32087-6
eBook Packages: Computer Science, Computer Science (R0)