An Approach for Detecting and Preventing DoS Attacks in LAN
Majed Tabash, Tawfiq Barhoom, "An Approach for Detecting and Preventing DoS Attacks in LAN". International Journal of Computer Trends and Technology (IJCTT) V18(6):265-271, Dec 2014. ISSN:2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.
Abstract -
Denial of service (DoS) attacks have become a major security threat to networks and to the Internet. DoS is harmful to networks because it delays legitimate users from accessing the server. Some research has been done on detecting and preventing DoS in wide area networks (WAN), but less on local area networks (LAN), and detecting and preventing DoS attacks remains a challenging task, especially in a LAN. In this paper, we propose an approach that merges methods from data mining to detect and prevent DoS attacks, using multi-classification techniques to achieve a sufficient level of accuracy and reduce false alarms. We then evaluate our approach in comparison with other existing approaches. Our work uses the EGH Dataset to detect DoS attacks, and the approach is implemented using RapidMiner. The experimental results show that the proposed approach is effective in identifying DoS attacks and achieves significant results: in the best case, our accuracy is up to 99.96%. We used two security components, the Snort tool and the PfSense firewall, and compared our approach with other approaches; we found that our approach achieves the best accuracy results in most cases.
Keywords
Data Mining, DoS attacks, intrusion detection, Misuse Detection, Multi Classification