Conference PaperPDF Available

DoS attack detection technique using back propagation neural network

Authors:
Monika Khandelwal at National Institute of Technology Srinagar
Monika Khandelwal
Deepak Kumar Gupta at National Institute of Technology Jalandhar
Deepak Kumar Gupta
Pradeepkumar Bhale at National Institute of Technology Jalandhar
Pradeepkumar Bhale
Download full-text PDF
Read full-text
Download citation

Figures

Figures - uploaded by Pradeepkumar Bhale
Author content
All figure content in this area was uploaded by Pradeepkumar Bhale
Content may be subject to copyright.
Content uploaded by Pradeepkumar Bhale
Author content
All content in this area was uploaded by Pradeepkumar Bhale on Dec 23, 2017
Content may be subject to copyright.
DoS Attack Detection Technique Using Back
Propagation Neural Network
Monika Khandelwal
Computer science & engineering
NIT Jalandhar
Jalandhar, India
Khandelwalmonu21@gmail.com
Mr. Deepak Kumar Gupta
Computer science & engineering
NIT Jalandhar
Jalandhar, India
guptadk@nitj.ac.in
Mr. Pradeep Bhale
Computer science & engineering
NIT Jalandhar
Jalandhar, India
Bhalepradeepkumar.iiit@gmail.com
Abstract
Denial of Service attack is an endeavor to make a
gadget or framework resources occupied to its proposed clients.
DoS attack expends casualty's framework assets, for example,
data transfer capacity, memory, CPU by sending gigantic
number of fake requests so that the intended user cannot obtain
services and denial of service happens. This paper presents an
intelligent technique for the detection of denial of service attack.
This technique can easily detect DoS attack by using back-
propagation neural network (BPNN). The parameters used in
this technique are CPU usage, frame length and flow rate. In this
technique, analysis of server assets and network traffic for
training and testing the ability of detection method and the
results shows that the proposed method can detect DoS attack
with 96.2% accuracy.
Keywords—
Denial of service, Back Propagation Neural
Network, Detection accuracy.
I. INTRODUCTION
Security dangers are getting to be one of the real issues that
obstruct the improvement of electronic services because of the
progression of the computer networks. System security attacks
show up in various modes and structures. One of the widely
known attacks is Denial of Service (DoS). A DoS attack as
name demonstrates is essentially an effort by an attacker to
make network assets busy by sending a huge number of fake
requests so that the intended clients cannot obtain access. DOS
attacks are a standout amongst the most generally spread
issues confronted by the vast majority of the Web access
Suppliers (ISP's) today. DoS attacks cause genuine effect on
the computer system frameworks. In this way, how to discover
and use server resources against malicious activities become a
significant research trend.
DoS attacks are effectively accomplished by making
utilization of the impediment of the system convention
alongside repeating service demands for the application.
Denial of Service attack exploits the absence of authenticity in
the IP convention, objectively arranged and stateless
environment of the Web. These day’s web servers confront the
most thorough dangers that are Denial of service attacks.
DoS attack is a significant Web security problem. DoS
attack is that a large number of customers simultaneously send
fake requests to certain server on the web such that this server
is well occupied to offer normal services to others. A DoS
attack happens when a few frameworks surge the bandwidth
or resources of a victim system, i.e. the attacker sends large
number of spurious requests to the victim machine to exhaust
its resources.
In this paper, I propose a neural framework based way to
deal with effectively identify DoS attacks. To identify the DoS
attack, neural system based strategy is one of the best way to
deal with recognize attack variations, which searches for
deviations from normal behavior, flagging a perhaps attack.
This paper concentrates on distinguishing threats in the nearby
network by capturing all the packets that reach the victim
system.
In the following segment, segment 2 examines a portion of
the related works. The next segment, segment 3 depicts and
characterizes DoS attack. Segment 4 explains neural network.
Segment 5 describes the experimental setup and next segment
is result and discussion followed by the conclusion.
II. RELATED
WORKS
A few techniques for detection of DoS attack have been
proposed.
Al Islam [1] proposed a simulated based way to deal with
accurately recognize a DoS attack by using Recurrent Neural
Networks (RNN) and classified denial of service and
distributed denial of service attacks. This discovery instrument
was connected at customer side and at intermediate nodes. The
considered components for proposed method were resource
utilization parameters and number of requests rejected in some
past time slots. The output of the Recurrent Neural Network
was a posteriori likelihood that recognizes good and bad
requests. If the output crosses a certain threshold, an alarm
generated and corresponding flow was discarded.
2016 Intl. Conference on Advances in Computing, Communications and Informatics (ICACCI), Sept. 21-24, 2016, Jaipur, India
978-1-5090-2029-4/16/$31.00 @2016 IEEE 1064
Felix Lau [2] discussed about distributed denial of service
attacks on the Web and described some well known methods
and techniques used in denial of service attacks and also give
defenses. A network simulator tool ns-2 was used to study
denial of service attack and also examined various queuing
algorithms.
C. Haris [3] proposed a strategy to detect SYN flood attack
through the network in File transfer protocol by checking the
IP header and TCP header utilizing the payload. This paper
utilized anomaly detection to identify TCP SYN flood attack
taking into account payload and unusable area. With this
technique they performed packet filtering that concentrated on
payload and unusable area in TCP convention where the entire
payload in the TCP header and IP header was examined.
Every packet was analyzed by comparing normal of these two
headers to infected ones. They additionally performed Traffic
monitoring as far as the utilization of the CPU for attacking
network and attack free network and the network history of
receiving information during the normal scenario, document
downloading and downloading a file during attack scenario.
The CPU utilization showed an expansion in usage for TCP
SYN flood contaminated network when compared with
normal network.
D. Salunke [4] presented a detection system for the denial of
service attack detection. Detection system is built by using a
layered framework approach and creates its data set by
analyzing incoming packets and comparing with the KDD
1999 dataset. K-means clustering and Naive Bayes Classifier
is used in this proposed system. There are two steps of the
proposed system, first is Training set generation and the
second step is a Real time layered IDS. The output of the
detection algorithm is either the normal packet, or there is an
attack detected.
Dighe Mohit S. [5] proposed an Intrusion Detection System
that prevents unauthorized access to network assets. The
architecture contains three modules. A first module contains
IDS in Weka tool, a second module contain back-propagation
algorithm and third module contain online detection.
Multilayer perceptron and apriori algorithm is used for IDS.
The accuracy of the proposed system is 94%.
III. DENIAL-OF-SERVICE
ATTACK
DoS attack is described by an exact endeavor by an attacker
to counteract valid users of a service from utilizing the favored
resources. An attacker may flood a system and can reduce a
valid client's transmission capacity, avoid access to a service,
or suspend service to a particular system or a client. Therefore,
the valid users are not competent to have complete quality
access to a web service or services. A DoS attack consumes a
victim system’s resources, for example, system transfer speed,
CPU time and memory. This can include data structures, for
example, Transmission Control Blocks, open file handles,
process slots.
Denial of Service attack is intended to focus on any part of a
business and its assets, and can easily:
Disable a particular computer, service or an entire
network,
Aim printers, alarms, telephones or portable
workstations,
Execute malware that influences processors and
triggers mistakes in computer microcode's,
Hit system assets like transfer speed, disk space,
processor time or routing data,
Exploit working framework vulnerabilities to exhaust
system assets,
Crash the working framework.
Symptoms of Denial of service attacks:
Inability to get to any site,
Unusually moderate system execution,
Unavailability of a specific site,
Disconnection of a cordless or wired web link,
Dramatic increment in the quantity of spam email
received,
Enduring denial of access to the web or any web
administrations.
Examples of Denial of Service attacks are [6]:
Attempts to "flood" a network, hence preventing
substantial network traffic,
Attempts to interfere with connections between two
machines, in this way avoid access to a service,
Attempt to keep away from a specific person from
getting to a service,
Attempt to interrupt service to a specific system or
individual.
IV. NEURAL NETWORK
The neural network is an endeavor to assemble a machine
that will impersonate mind exercises and have the capacity to
learn. The neural network is a method of data structure and
programs that approximates the human brain activities. A
neural network is initially trained or fed huge amount of data
and rules about data associations. Neural network as a rule
learns by examples. The neural network has three layers:
input, output and hidden layer. Each layer can have number of
nodes [7]. Input layer nodes are connected to the hidden layer
nodes and hidden layer nodes are connected to the output layer
nodes. These connections represent weights among nodes.
The neural network here applied is back-propagation neural
network. Idea behind the back-propagation is relatively
simple; output of neural network is evaluated against desired
output. When training neural network, a set of examples are
fed to the network that have inputs and desired outputs.
Learning of the neural network is done by setting some initial
weights as some random numbers. If results are not matching
with the target output, then update weights and repeat the
same process until the results matches with the target output.
There are two types of neural network learning, i.e. supervised
learning and unsupervised learning. Supervised learning is
used in this experiment where output values are known in
2016 Intl. Conference on Advances in Computing, Communications and Informatics (ICACCI), Sept. 21-24, 2016, Jaipur, India
1065
advance. Figure 1 shows the learning of back-propagation
neural network.
Figure 1: Back-propagation Neural Network Learning.
IV. EXPERIMENTAL
SETUP
This method used two systems as a testbed that based on
operating system Ubuntu version 14.04 Lts and Windows 7.
Here, Ubuntu is used as the victim system and Windows 7 as
the attacker. Implementation of the system is done in four
phases as collecting data, preprocessing data, deciding the
neural network, and training and testing of the system as
shown in figure 2.
A. Data Collection
First, data are collected in the form of three parameters to
detect the normal and abnormal behavior. These are:
1. CPU Usage for normal situation and attacked
situation.
2. Frame length of the packets in normal situation and
attacked situation. Packets are captured using
Wireshark tool.
3. Flow rate of packets during normal situation and
attacked situation.
Figure 2: Steps of Proposed Work.
All the packets are captured using Wireshark tool and
analyzed to find the frame length of packets. The main port to
be analyzed in this paper is TCP so filtering only TCP packets.
To evaluate the flow rate, I created a C program on Linux
operating system. The program captures all types of TCP
packets that flow over the internet. This program was used to
capture packets arriving in the system and evaluate the flow
rate. The python script and hping3 tool are used to perform the
attack on the victim system.
B. Preprocessing of Dataset
The detail, how we used the data in our work is discussed in
this section. Data is normalized first, and then given to the
network. After normalization the value lies between 0 and 1.
The normalization formula is as shown in equation 1:
ݔ௡௘௪ ௫ି௫
೘೔೙
೘ೌೣ
ି௫
೘೔೙
.…..…………………….. (1)
Where x is input value,
ݔ௠௜௡ is the minimum value of the input,
ݔ௠௔௫ is the maximum value of the input,
ݔ௡௘௪ is the new value of the input that lies between [0, 1].
C. Deciding the Neural Network
The data collected in the previous step is provided as input
to the neural network. There are only two types of result of
detection method. Set the first classification as normal and
second classification as an attack. The input layer has 4
neurons; hidden layer has 6 neurons and 1 neuron in the output
layer. Our architecture has only one hidden layer.
D. Training and Testing of NN Model
Training and testing of the data are done by using back
propagation neural network. Neural system is applied to the
information gathered by joining the attacked data and non-
attack data to train the neural system. In the proposed method,
90% of the data is used for training and learning rate set to
0.02. After training of the model, the other 10% of the data is
used for testing the model and get the outcome.
V. RESULTS AND DISCUSSION
From the experiments, CPU usage, frame length and flow
rate shows the difference between normal scenario and
attacked scenario. CPU usage is the amount of work
accomplished by a computer system.
Figure 3: CPU Usage in Normal Scenario.
2016 Intl. Conference on Advances in Computing, Communications and Informatics (ICACCI), Sept. 21-24, 2016, Jaipur, India
1066
In normal usage, CPU execution is beneath 10% yet a few
applications may utilize half of the CPU time. At the time of
the attack, CPU execution was above 90% or near 100%.
Figure 4 shows the CPU usage during the attack scenario.
Figure 4: CPU Usage during Attack.
Next, frame length of packets is analyzed during the normal
scenario and during the attack scenario. The frame length is
the size of entire frame on the wire. It is also called as packet
length means the length of each packet.
Frame length of
packets is analyzed by using Wireshark tool. Based on the
packets captured using Wireshark, IO graph is plotted for the
normal data and for the attacked data. IO graph shows the
overall traffic seen in captured files and is measured in rate per
second in bytes or packets.
Figure 5: IO Graph during Normal Usage.
In the normal case, 500 packets are captured per second and
during the attack, captured packets are more than 1600 packets
per second. Figure 6 shows the IO graph during attack usage.
Figure 6: IO Graph during Attack Usage.
Next, Flow rate is evaluated during the normal usage and
during the attack usage by using a C program created on Linux
OS that captures all the packets arriving on the victim system.
Figure 7: Flow Rate during Normal Usage.
During the normal usage, the flow rate is usually very less
but at the time of the attack, the flow rate is very high.
Figure
8 shows the flow rate for the attacked case.
Figure 8: Flow Rate for the Attacked Scenario.
And, finally back-propagation neural network is applied to
the data collected by the above results to check the accuracy of
our proposed model, i.e. how much our model is correct to
classify or distinguish between attacked data and normal data.
Keeping in mind the end goal to enhance the validness of the
test results, the same experiment is performed ten times and
got the results as shown in figure 9. The average accuracy of
our proposed model is 96.2%.
Figure 9: Accuracy for different observations.
82
84
86
88
90
92
94
96
98
100
102
12345678910
Percentage Accuracy
No. of Observation
Chart Title
2016 Intl. Conference on Advances in Computing, Communications and Informatics (ICACCI), Sept. 21-24, 2016, Jaipur, India
1067
VI. CONCLUSION
Denial of service attacks are actual threats to Computer
Security, thus detection of DoS attacks and to increase
computer network security, there is a requirement to build the
detection technique. In this paper, only the detection method is
specified. In the proposed work, the attack is performed by
using hping3 tool and running a python script on windows.
Detection of DoS attack is done by taking three parameters:
CPU performance, frame length and flow rate and then
applying back-propagation neural network. From the results, it
is concluded that the back-propagation neural network is the
best approach for the detection of DoS attack. BPNN achieves
96.2% detection accuracy.
REFERENCES
[1] Al Islam, ABM Alim, and Tishna Sabrina. "Detection of various denial
of service and Distributed Denial of Service attacks using RNN
ensemble."Computers and Information Technology, 2009. ICCIT'09.
12th International Conference on. IEEE, 2009.
[2] Lau, Felix, et al. "Distributed denial of service attacks." Systems, Man,
and Cybernetics, 2000 IEEE International Conference on. Vol. 3. IEEE,
2000.
[3] Haris, S. H. C., R. B. Ahmad, and M. A. H. A. Ghani. "Detecting TCP
SYN flood attack based on anomaly detection." Network Applications
Protocols and Services (NETAPPS), 2010 Second International
Conference on. IEEE, 2010.
[4] Mangesh D. Salunke, Ruhi Kabra, “Denial-of-Service Attack
Detection,” International Journal of Innovative Research in Advanced
Engineering, vol. 1, November 2014.
[5] Dighe Mohit S., Kharde Gayatri B., Mahadik Vrushali G., Gade
Archana L., Bondre Namrata R., “Using Artificial Neural Network
Classification and Invention of Intrusion in Network Intrusion Detection
System,” International Journal of Innovative Research in Computer and
Communication Engineering, vol. 3, February 2015.
[6] CERT Coordination Center, Cert Advisories: “CA-2000-01 denial-of-
service developments:” http://www.cert.org/advisories/CA-2000-
01.html; “CA-99-17 denial-of-service tools,”
http://www.cert.org/advisories/CA-99-17-denial-of-service-tools.html;
“CA-98-13-tcp-denial-of-service: vulnerability in certain TCP/IP
implementations,” http://www.cert.org/advisories/CA-98-13-tcp-denial-
of-service.html.
[7] Mirza Cilimkovic, “Neural Networks and Back Propagation Algorithm”,
Retrieved from
http://www.dataminingmasters.com/uploads/studentProjects/NeuralNet
works.pdf.
2016 Intl. Conference on Advances in Computing, Communications and Informatics (ICACCI), Sept. 21-24, 2016, Jaipur, India
1068
... In these conditions, numerous techniques depend on distance or similarity in feature sets, for example, discriminant analysis and clustering [8][9][10]. In various problems, machine learning methods such as neural network [11], k-nearest neighbour algorithm [12], support vector machines [13], and convolutional neural network [14,15] is used for classification purpose. Various fuzzy classifiers for different problems have been developed. ...
View
... Hence, effective computational techniques for PPI forecast can supplement experimental procedures by giving tentatively testable theory and do not include protein pairs having the slight associating possibility to restrict the scope of PPI applicants [9]. Machine learning techniques, i.e., naïve Bayes [9], support vector machines [10], random forest (RF), and artificial neural networks [11] were used in many studies to solve various problems. For reducing the dimensions of features, dimensionality reduction methods have been used. ...
Protein-protein interaction prediction from primary sequences using supervised machine learning algorithm
Conference Paper
Full-text available
  • Mar 2022
Protein-Protein Interactions (PPI) study is significant to comprehending cellular biological functions. Though there are different experimental techniques to predict PPIs, detecting PPIs in the lab is costly and time-consuming. Nowadays, high throughput approaches and large-scale biological techniques have achieved incredible growth. These large-scale techniques experience false positive and false negative predictions. As a result, there is a need to devise a computational technique for estimating PPI pairs, which complements laboratory techniques and offers an inexpensive way to find the interactions between proteins. Although much advancement has been achieved for PPI prediction still there is a requirement for a much more effective approach to predict PPI from protein sequences. The proposed model gives 93% accuracy, 92.9% sensitivity, 92.6% precision, 92.5%specificity, and 92.7% f1-score. The results indicate that our proposed model outperforms various predictors for PPI prediction.
View
Prediction of Protein-Protein Interaction Using Support Vector Machine Based on Spatial Distribution of Amino Acids
Conference Paper
  • Nov 2023
Protein-protein interaction (PPI) is vital for understanding protein functions and various cellular biological functions like DNA replication and transcription, signaling cascades, metabolic cycles, and metabolism. However, various experimental techniques exist for detecting protein-protein interactions, i.e., mass spectroscopy, protein arrays, yeast two-hybrid, etc. But these techniques are expensive and tedious, so there is a necessity to devise computational processes to facilitate the prediction of protein-protein interactions among the proteins. Computational methods offer a low-cost method to discover protein interactions that complement experimental methods. The methods based only on primary sequence data are more generic than methods based on additional details or protein-specific assumptions. This paper proposes a sequence-based model that combines local descriptors with Shannon entropy and Hurst exponent to detect PPI. Here, features are extracted directly from primary sequences, and the Support Vector Machine algorithm is used as a classifier. The proposed model on the DIP (Database of Interacting Proteins) dataset gives 96.71% accuracy with 94.94% precision and 98.58% recall. The findings validate that the proposed model performs better than various state-of-the-art predictors for protein-protein interactions.
View
View
A Novel Web Attack Detection Mechanism Using Maximal-Munch With Torrent Deep Network
Article
  • Oct 2023
A web attack is a harmful and deliberate attempt made by one person or group to gain access to another person's or group's data collection. Due to the incompatibility of the training algorithm for the Cross-Site Scripting (XSS) detection technique and the heterogeneity of attack load, the website was more frequently impacted by the detection of SQL injection attacks. Also, the language of the online sites has a significant impact on how well the current phishing detection system works, which is still a difficult issue. To address these problems, a novel Praise-Worthy Authentication technique is proposed which accurately detects phishing websites by checking the webpage's conformance using the hyperlink property. Also, a Maximal-Munch Algorithm-based ANN is proposed to prevent XSS attacks. The URLs associated with each webpage that is dragged will be sorted out to acquire URL parameters, and text patterns are matched at regular intervals to detect the XSS attack. This work also employs a Torrent Deep network with weight-bolster Algorithm to identify SQL injection by hackers, preventing significant network damage that would otherwise cause data leaks and website paralysis. This proposed Web-strafe Detection Framework has considerably increased the security of websites by identifying numerous threats.
View
Multifactorial feature extraction and site prognosis model for protein methylation data
Article
Full-text available
  • Oct 2022
  • Brief Funct Genomics
Integrated studies (multi-omics studies) comprising genetic, proteomic and epigenetic data analyses have become an emerging topic in biomedical research. Protein methylation is a posttranslational modification that plays an essential role in various cellular activities. The prediction of methylation sites (arginine and lysine) is vital to understand the molecular processes of protein methylation. However, current experimental techniques used for methylation site predictions are tedious and expensive. Hence, computational techniques for predicting methylation sites in proteins are necessary. For predicting methylation sites, various computational methods have been proposed in recent years. Most existing methods require structural and evolutionary information for retrieving features, acquiring this information is not always convenient. Thus, we proposed a novel method, called multi-factorial feature extraction and site prognosis model (MufeSPM), for the prediction of protein methylation sites based on information theory features (Renyi, Shannon, Havrda–Charvat and Arimoto entropy), amino acid composition and physicochemical properties acquired from protein methylation data. A random forest algorithm was used to predict methylation sites in protein sequences. This paper also studied the impact of different features and classifiers on arginine and lysine methylation data sets. For the R methylation data set, MufeSPM yielded 82.45%(⁠± 3.47) accuracy, and for the K methylation data set, it provided an average accuracy of 71.94%(⁠± 2.12). Additionally, the area under the receiver operating characteristic curve for different classifiers in predicting methylation site was provided. The experimental results signify that MufeSPM performs better than the state-of-the-art predictors.
View
View
View
ML for IEEE 802.15. 4e/TSCH: Energy Efficient Approach to Detect DDoS Attack Using Machine Learning
Conference Paper
Full-text available
  • Jun 2021
Internet of Things (IoT) is a way to communicate with the real world without much human involvement. It is booming in today’s computing world, with billions of devices having sensors and actuators connected to the internet using various low power technologies. Despite several profits, it experiences multiple security threats that impel catastrophic crashes in the IEEE 802.15.4e (6TiSCH) network. Various threats like jamming attacks, DDoS, abnormal behavior, etc., are detected using multiple Machine Learning (ML) and Deep Learning (DL)approaches. In this paper, an edge-based ML enables Intrusion Detection Systems (IDS) is proposed to detect distributed denial-of-service (DDoS) attack patterns from a particular source.Experimental outcomes confirm that the proposed approach is scalable and efficient in terms of computation and storage. Hence,the intended approach gives a faster response as (24.2−68.9)Sec.The average memory utilization (ROM/RAM), energy usage, and accuracy achieved by our intended solution are 35834B/5378B,85916mJ, 98.7%, respectively, which outperform closely related work.
View
DDoS Attack Detection Using Artificial Neural Network
Chapter
  • May 2021
Distributed Denial of Service (DDoS) attacks grow rapidly and cause a serious risk to network security. DDoS attacks intentionally occupy resources such as computing power and bandwidth to deny the services to potential users. So the automatic identification of DDoS attacks is very important. Machine Learning is the proven technology for the identification of such attacks. Over the decade many researchers have taken detection of DDoS attacks as the research objective and succeeded as well. However many more research needs to be explored in the identification of DDoS attacks due to the inefficiency of their techniques in terms of performance, accuracy, identification, and collection of data, normalized data set, feature reduction, and computational cost. We tried Back Propagation Neural Network (BPNN) with supervised machine learning technique to recognize the DDoS attacks at Network/Transport layer. We experimented with a dataset consisting of 4 lakh records of synthetic data, out of which we used 70% of the dataset for training purpose and performance measure on the rest 30% of the dataset. Our experimental results show that 97.7% of DDoS attacks were successfully identified and this technique does not decrease performance and can be easily spread out to broader DDoS attacks.
View
Use of Level 3 BLAS kernels in neural networks: the Back-Propagation algorithm
Chapter
Full-text available
  • Jan 1990
The Back-Propagation (BP) algorithm is analyzed from a computational point of view, showing the advantages of the training in batching mode. This approach makes possible the use of Level 3 BLAS, allowing portability with high performance onto SIMD and MIMD computers. The proposed implementation is tested on FPS M64 Series Minisupercomputers where the peak performances of the processor are reached. The asymptotic speed in the learning mode is 38 MFLOPS or 9.5 MCPS (for FPS M64/60). Examples of applications of the algorithm are shown.
View
Detecting TCP SYN flood attack based on anomaly detection
Article
Full-text available
  • Sep 2010
Transmission Control Protocol (TCP) Synchronized (SYN) Flood has become a problem to the network management to defend the network server from being attacked by the malicious attackers. The malicious attackers can easily exploit the TCP three-way handshake by making the server exhausted and unavailable. The main problem in this paper is how to detect TCP SYN flood through network. This paper used anomaly detection to detect TCP SYN flood attack based on payload and unusable area. The results show that the proposed detection method can detect TCP SYN Flood in the network through the payload.
View
Distributed denial of service attacks
Conference Paper
Full-text available
  • Feb 2000
We discuss distributed denial of service attacks in the Internet. We were motivated by the widely known February 2000 distributed attacks on Yahoo!, Amazon.com, CNN.com, and other major Web sites. A denial of service is characterized by an explicit attempt by an attacker to prevent legitimate users from using resources. An attacker may attempt to: “flood” a network and thus reduce a legitimate user's bandwidth, prevent access to a service, or disrupt service to a specific system or a user. We describe methods and techniques used in denial of service attacks, and we list possible defences. In our study, we simulate a distributed denial of service attack using ns-2 network simulator. We examine how various queuing algorithms implemented in a network router perform during an attack, and whether legitimate users can obtain desired bandwidth. We find that under persistent denial of service attacks, class based queuing algorithms can guarantee bandwidth for certain classes of input flows
View
Distributed Denial of Service Attacks
Article
Full-text available
  • Mar 2001
We discuss distributed denial of service attacks in the Internet. We were motivated by the widely known February 2000 distributed attacks on Yahoo!, Amazon.com, CNN.com, and other major Web sites. A denial of service is characterized by an explicit attempt by an attacker to prevent legitimate users from using resources. An attacker may attempt to: "flood" a network and thus reduce a legitimate user's bandwidth, prevent access to a service, or disrupt service to a specific system or a user. We describe methods and techniques used in denial of service attacks, and we list possible defenses. In our study, we simulate a distributed denial of service attack using ns-2 network simulator. We examine how various queuing algorithms implemented in a network router perform during an attack, and whether legitimate users can obtain desired bandwidth. We find that under persistent denial of service attacks, class based queuing algorithms can guarantee bandwidth for certain classes of input flows. ...
View
Detection of various denial of service and Distributed Denial of Service attacks using RNN ensemble
Conference Paper
  • Jan 2010
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) are widely known security attacks which attempt to make computer resources unavailable to its intended users. In this paper, I discuss some well known DoS and DDoS attacks. Experience shows that in the detection of these attacks human brain is more perfect than mathematical computation. Therefore, I propose a technique to incorporate the representative of human brain, Recurrent Neural Networks (RNN), to identify these attacks.
View
Denial-of-Service Attack Detection
  • Nov 2014
  • D Mangesh
  • Ruhi Salunke
  • Kabra
Mangesh D. Salunke, Ruhi Kabra, "Denial-of-Service Attack Detection," International Journal of Innovative Research in Advanced Engineering, vol. 1, November 2014.
Using Artificial Neural Network Classification and Invention of Intrusion in Network Intrusion Detection System
  • Feb 2015
  • Dighe Mohit
  • Kharde Gayatri
  • Mahadik Vrushali
  • G Gade Archana
  • L Bondre Namrata
Dighe Mohit S., Kharde Gayatri B., Mahadik Vrushali G., Gade Archana L., Bondre Namrata R., "Using Artificial Neural Network Classification and Invention of Intrusion in Network Intrusion Detection System," International Journal of Innovative Research in Computer and Communication Engineering, vol. 3, February 2015.
CA-2000-01 denial-ofservice developments
  • Cert Coordination
  • Cert Center
  • Advisories
CERT Coordination Center, Cert Advisories: "CA-2000-01 denial-ofservice developments:" http://www.cert.org/advisories/CA-2000-01.html; "CA-99-17 denial-of-service tools," http://www.cert.org/advisories/CA-99-17-denial-of-service-tools.html;