Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks: Proof-of-Concept

Alan Saied; Richard E. Overill; Tomasz Radzik

doi:10.1007/978-3-319-07767-3_28

Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks: Proof-of-Concept

Alan Saied, Richard E. Overill, Tomasz Radzik

Department of Informatics

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

10 Citations (Scopus)

Abstract

A Distributed Denial of Service attack (DDoS) is designed to overload a target device and its networks with packets to damage its resources or services. This paper proposes an Artificial Neural Network (ANN) detection engine to flag known and unknown attacks from genuine traffic. Based on experiments and data analysis, specific patterns are selected to separate genuine from DDoS packets, thus allowing normal traffic to reach its destination. The mitigation process is triggered when the detection system identifies attacks based on the known characteristic features (patterns) that were fed to the ANN during the training process. Such characteristic patterns separate attacks from normal traffic. We have evaluated our solution against related work based on accuracy, sensitivity, specificity and precision.

Original language	English
Title of host publication	Communications in Computer and Information Science
Publisher	Springer-Verlag Berlin Heidelberg
Pages	300-320
Number of pages	21
Volume	430
ISBN (Print)	9783319077666
DOIs	https://doi.org/10.1007/978-3-319-07767-3_28
Publication status	Published - 2014

Publication series

Name	Communications in Computer and Information Science
Volume	430
ISSN (Print)	18650929

Keywords

ANN
characteristic features (patterns)
forged packets
known and unknown DDoS attacks
Snort-AI
training process

Access to Document

10.1007/978-3-319-07767-3_28

Cite this

@inbook{a632aa50c0b744479f50ee498d9c0bcb,

title = "Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks: Proof-of-Concept",

abstract = "A Distributed Denial of Service attack (DDoS) is designed to overload a target device and its networks with packets to damage its resources or services. This paper proposes an Artificial Neural Network (ANN) detection engine to flag known and unknown attacks from genuine traffic. Based on experiments and data analysis, specific patterns are selected to separate genuine from DDoS packets, thus allowing normal traffic to reach its destination. The mitigation process is triggered when the detection system identifies attacks based on the known characteristic features (patterns) that were fed to the ANN during the training process. Such characteristic patterns separate attacks from normal traffic. We have evaluated our solution against related work based on accuracy, sensitivity, specificity and precision.",

keywords = "ANN, characteristic features (patterns), forged packets, known and unknown DDoS attacks, Snort-AI, training process",

author = "Alan Saied and Overill, {Richard E.} and Tomasz Radzik",

year = "2014",

doi = "10.1007/978-3-319-07767-3_28",

language = "English",

isbn = "9783319077666",

volume = "430",

series = "Communications in Computer and Information Science",

publisher = "Springer-Verlag Berlin Heidelberg",

pages = "300--320",

booktitle = "Communications in Computer and Information Science",

}

Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks: Proof-of-Concept. / Saied, Alan ; Overill, Richard E.; Radzik, Tomasz.
Communications in Computer and Information Science. Vol. 430 Springer-Verlag Berlin Heidelberg, 2014. p. 300-320 (Communications in Computer and Information Science; Vol. 430).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks

T2 - Proof-of-Concept

AU - Saied, Alan

AU - Overill, Richard E.

AU - Radzik, Tomasz

PY - 2014

Y1 - 2014

N2 - A Distributed Denial of Service attack (DDoS) is designed to overload a target device and its networks with packets to damage its resources or services. This paper proposes an Artificial Neural Network (ANN) detection engine to flag known and unknown attacks from genuine traffic. Based on experiments and data analysis, specific patterns are selected to separate genuine from DDoS packets, thus allowing normal traffic to reach its destination. The mitigation process is triggered when the detection system identifies attacks based on the known characteristic features (patterns) that were fed to the ANN during the training process. Such characteristic patterns separate attacks from normal traffic. We have evaluated our solution against related work based on accuracy, sensitivity, specificity and precision.

AB - A Distributed Denial of Service attack (DDoS) is designed to overload a target device and its networks with packets to damage its resources or services. This paper proposes an Artificial Neural Network (ANN) detection engine to flag known and unknown attacks from genuine traffic. Based on experiments and data analysis, specific patterns are selected to separate genuine from DDoS packets, thus allowing normal traffic to reach its destination. The mitigation process is triggered when the detection system identifies attacks based on the known characteristic features (patterns) that were fed to the ANN during the training process. Such characteristic patterns separate attacks from normal traffic. We have evaluated our solution against related work based on accuracy, sensitivity, specificity and precision.

KW - ANN

KW - characteristic features (patterns)

KW - forged packets

KW - known and unknown DDoS attacks

KW - Snort-AI

KW - training process

UR - http://www.scopus.com/inward/record.url?scp=84903522053&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-07767-3_28

DO - 10.1007/978-3-319-07767-3_28

M3 - Chapter

AN - SCOPUS:84903522053

SN - 9783319077666

VL - 430

T3 - Communications in Computer and Information Science

SP - 300

EP - 320

BT - Communications in Computer and Information Science

PB - Springer-Verlag Berlin Heidelberg

ER -

Artificial Neural Networks in the Detection of Known and Unknown DDoS Attacks: Proof-of-Concept

Abstract

Publication series

Keywords

Access to Document

Other files and links

Fingerprint

Cite this