Detection of known and unknown DDoS attacks using Artificial Neural Networks

Alan Saied; Richard E. Overill; Tomasz Radzik

doi:10.1016/j.neucom.2015.04.101

Detection of known and unknown DDoS attacks using Artificial Neural Networks

Alan Saied, Richard E. Overill, Tomasz Radzik

Research output: Contribution to journal › Article › peer-review

285 Citations (Scopus)

Abstract

The key objective of a Distributed Denial of Service (DDoS) attack is to compile multiple systems across the Internet with infected zombies/agents and form botnets of networks. Such zombies are designed to attack a particular target or network with different types of packets. The infected systems are remotely controlled either by an attacker or by self-installed Trojans (e.g. roj/Flood-IM) that are programmed to launch packet floods. Within this context, the purpose of this paper is to detect and mitigate known and unknown DDoS attacks in real time environments. We have chosen an Artificial Neural Network (ANN) algorithm to detect DDoS attacks based on specific characteristic features (patterns) that separate DDoS attack traffic from genuine traffic.

Original language	English
Pages (from-to)	385-393
Number of pages	9
Journal	Neurocomputing
Volume	172
Early online date	8 Aug 2015
DOIs	https://doi.org/10.1016/j.neucom.2015.04.101
Publication status	Published - 8 Jan 2016

Keywords

DDoS attacks
DDoS detectors
Genuine and DDoS patterns

Access to Document

10.1016/j.neucom.2015.04.101

Cite this

@article{df5a4b1296654b8291f5184204eb7cdc,

title = "Detection of known and unknown DDoS attacks using Artificial Neural Networks",

abstract = "The key objective of a Distributed Denial of Service (DDoS) attack is to compile multiple systems across the Internet with infected zombies/agents and form botnets of networks. Such zombies are designed to attack a particular target or network with different types of packets. The infected systems are remotely controlled either by an attacker or by self-installed Trojans (e.g. roj/Flood-IM) that are programmed to launch packet floods. Within this context, the purpose of this paper is to detect and mitigate known and unknown DDoS attacks in real time environments. We have chosen an Artificial Neural Network (ANN) algorithm to detect DDoS attacks based on specific characteristic features (patterns) that separate DDoS attack traffic from genuine traffic.",

keywords = "DDoS attacks, DDoS detectors, Genuine and DDoS patterns",

author = "Alan Saied and Overill, {Richard E.} and Tomasz Radzik",

year = "2016",

month = jan,

day = "8",

doi = "10.1016/j.neucom.2015.04.101",

language = "English",

volume = "172",

pages = "385--393",

journal = "Neurocomputing",

issn = "0925-2312",

publisher = "Elsevier",

}

TY - JOUR

T1 - Detection of known and unknown DDoS attacks using Artificial Neural Networks

AU - Saied, Alan

AU - Overill, Richard E.

AU - Radzik, Tomasz

PY - 2016/1/8

Y1 - 2016/1/8

N2 - The key objective of a Distributed Denial of Service (DDoS) attack is to compile multiple systems across the Internet with infected zombies/agents and form botnets of networks. Such zombies are designed to attack a particular target or network with different types of packets. The infected systems are remotely controlled either by an attacker or by self-installed Trojans (e.g. roj/Flood-IM) that are programmed to launch packet floods. Within this context, the purpose of this paper is to detect and mitigate known and unknown DDoS attacks in real time environments. We have chosen an Artificial Neural Network (ANN) algorithm to detect DDoS attacks based on specific characteristic features (patterns) that separate DDoS attack traffic from genuine traffic.

AB - The key objective of a Distributed Denial of Service (DDoS) attack is to compile multiple systems across the Internet with infected zombies/agents and form botnets of networks. Such zombies are designed to attack a particular target or network with different types of packets. The infected systems are remotely controlled either by an attacker or by self-installed Trojans (e.g. roj/Flood-IM) that are programmed to launch packet floods. Within this context, the purpose of this paper is to detect and mitigate known and unknown DDoS attacks in real time environments. We have chosen an Artificial Neural Network (ANN) algorithm to detect DDoS attacks based on specific characteristic features (patterns) that separate DDoS attack traffic from genuine traffic.

KW - DDoS attacks

KW - DDoS detectors

KW - Genuine and DDoS patterns

UR - http://www.scopus.com/inward/record.url?scp=84946499243&partnerID=8YFLogxK

U2 - 10.1016/j.neucom.2015.04.101

DO - 10.1016/j.neucom.2015.04.101

M3 - Article

AN - SCOPUS:84946499243

SN - 0925-2312

VL - 172

SP - 385

EP - 393

JO - Neurocomputing

JF - Neurocomputing

ER -

Detection of known and unknown DDoS attacks using Artificial Neural Networks

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this