Denial of Service(DoS) attacks pose a big threat to any electronic society. DoS and DDoS attacks are catastrophic particularly when applied to highly sensitive targets like Critical Information Infrastructure. While research literature has focussed on using various fundamental classifier models for detecting attacks, the common trend observed in literature is to classify DoS attacks into the broad class of intrusions, which makes proposed solutions to this class of attacks unrealistic in practical terms. In this work, the approach to a carefully engineered, practically realised system to detect DoS attacks using a Naìve Bayesian(NB) classifier is described. The work includes network modeling for two protocols - TCP and UDP. © 2011 IEEE.

B Ravindran

Department of Computer Science and Engineering

Serugudi V. Raghavan

Bayesian

Bayesian classifier

CLASSIFIER MODELS

CRITICAL INFORMATION

DDOS ATTACK

DDOS DETECTION

DENIAL OF SERVICE ATTACKS

DETECTING ATTACKS

DOS ATTACKS

Highly sensitive

NETWORK MODELING

System approach

Bayesian networks

Communication systems

Computer crime

CRITICAL INFRASTRUCTURES

Internet protocols

Security of data

Transmission control protocol

Knowledge based systems

IIT Madras is a public technical and research university located in Chennai, Tamil Nadu. Founded in 1959, it is recognised as an Institute of National Importance.

IIT Madras has been ranked as the top engineering institute in India for four years in a row by the National Institutional Ranking Framework of the MHRD

It currently offers undergraduate, postgraduate and research degrees across 16 disciplines in Engineering, Sciences, Humanities and Management. About 596 faculty belonging to science and engineering departments and centres of the Institute are engaged in teaching, research and industrial consultancy.

IIT Madras

A system approach to network modeling for DDoS detection using a Naìve Bayesian classifier

2011 3rd International Conference on Communication Systems and Networks, COMSNETS 2011

Any activity aimed at disrupting a service or making a resource unavailable or gaining unauthorized access can be termed as an intrusion. Examples include buffer overflow attacks, flooding attacks, system break-ins, etc. Intrusion detection systems (IDSs) play a key role in detecting such malicious activities and enable administrators in securing network systems. Two key criteria should be met by an IDS for it to be effective: (i) ability to detect unknown attack types, (ii) having very less miss classification rate. In this paper we describe an adaptive network intrusion detection system, that uses a two stage architecture. In the first stage a probabilistic classifier is used to detect potential anomalies in the traffic. In the second stage a HMM based traffic model is used to narrow down the potential attack IP addresses. Various design choices that were made to make this system practical and difficulties faced in integrating with existing models are also described. We show that this system achieves good performance empirically. © 2012 IEEE.

Fulltext

2012 4th International Conference on Communication Systems and Networks, COMSNETS 2012

Adaptive network intrusion detection system using a hybrid approach

International Journal of Recent Trends in Engineering and Research

Classification of KDDCup99 Dataset for Intrusion Detection: A Survey

Journal of Surgery

http://www.avensonline.org/fulltextarticles/JSUR-2332-4139-S1-0001.html

Journal of Networks

A Novel Distributed Detection Scheme against DDoS Attack

American Journal of Applied Sciences

From Feature Selection to Building of Bayesian Classifiers: A Network Intrusion Detection Perspective

Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008

Usefulness of DARPA dataset for intrusion detection system evaluation

Journal	2011 3rd International Conference on Communication Systems and Networks, COMSNETS 2011
Open Access	No