A dynamic flooding attack detection system based on different classification techniques and using SNMP MIB data
International Journal of Computer Networks and Communications Security
VOL. 2, NO. 9, SEPTEMBER 2014, 279–284
Available online at:
ISSN 2308-9830

SAHAR NAMVARASL1, MARZIEH AHMADZADEH2
1, 2 Shiraz University of Technology, Department of Computer Engineering & IT, Shiraz, Iran
E-mail: , 2ahmadzadeh@

ABSTRACT
The amount of data exchanged over networks has increased dramatically, and consequently the detection of malicious data is an important issue for network users and administrators. DoS and DDoS attacks have always attracted the attention of attackers and researchers, and distinguishing them from normal packets is difficult. Therefore, using data mining techniques alongside traditional mechanisms such as firewalls improves the performance of intrusion detection systems. This paper introduces a flooding attack detection system based on SNMP MIB data, which selects effective MIB variables and compares several different classification algorithms based on the chosen variables. Finally, the proposed system models its detection mechanism using the algorithm with the highest accuracy. The advantage of this system is its ability to learn: the system's detection model is optimized after receiving new data, so when the behavior of an attack changes, the system adapts easily.

Keywords: DoS attack, SNMP, MIB, Intrusion Detection System, Data Mining.
1 INTRODUCTION
Recent improvements in technologies such as wireless networks have caused significant growth in the number of users and a huge amount of data transmitted over this medium, which brings many challenges, especially in the area of security. One of the most important aspects of security is rapid detection of attacks in order to prevent further damage. Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are usually the most attractive attacks to attackers.
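The select-then-relearn loop described in the abstract, as an added example that is not code from the paper: candidate classifiers are scored on SNMP counter deltas, the most accurate one becomes the detection model, and the choice is re-made when new labelled data arrives. The three MIB objects, the two candidate classifiers, leave-one-out scoring and all sample values are assumptions.

```python
# Added example. The MIB object names are real; picking these three, the two
# classifiers and every sample value below are assumptions, not the paper's.
VARS = ("ifInOctets", "tcpPassiveOpens", "icmpInEchos")

def deltas(polls):  # increments between successive polls; Counter32 wraps at 2**32
    return [tuple((b[v] - a[v]) % 2 ** 32 for v in VARS) for a, b in zip(polls, polls[1:])]

class Stump:  # one MIB variable, one threshold: "attack" if value >= cut
    def fit(self, X, y):
        best = (-1, 0, 0.0)
        for i in range(len(VARS)):
            vals = sorted({x[i] for x in X})
            for lo, hi in zip(vals, vals[1:]):  # candidate cuts at midpoints
                cut = (lo + hi) / 2
                hits = sum((x[i] >= cut) == (lab == "attack") for x, lab in zip(X, y))
                best = max(best, (hits, i, cut))
        _, self.i, self.cut = best
        return self
    def predict(self, x):
        return "attack" if x[self.i] >= self.cut else "normal"

class Nearest:  # 1-nearest-neighbour, each variable scaled by its training maximum
    def fit(self, X, y):
        self.scale = [max(col) or 1 for col in zip(*X)]
        self.pts = [(self._n(x), lab) for x, lab in zip(X, y)]
        return self
    def _n(self, x):
        return [v / s for v, s in zip(x, self.scale)]
    def predict(self, x):
        n = self._n(x)
        return min(self.pts, key=lambda p: sum((a - b) ** 2 for a, b in zip(n, p[0])))[1]

def loo_accuracy(cls, X, y):  # leave-one-out accuracy of a classifier class
    return sum(cls().fit(X[:k] + X[k+1:], y[:k] + y[k+1:]).predict(X[k]) == y[k]
               for k in range(len(X))) / len(X)

class Detector:  # keeps the most accurate candidate, re-selected on each update
    def __init__(self, candidates=(Stump, Nearest)):
        self.X, self.y, self.candidates = [], [], candidates
    def update(self, X, y):  # new labelled intervals: re-evaluate, then refit
        self.X, self.y = self.X + list(X), self.y + list(y)
        best = max(self.candidates, key=lambda c: loo_accuracy(c, self.X, self.y))
        self.model = best().fit(self.X, self.y)

# Constructed deltas in VARS order: three normal intervals, three SYN-flood ones.
X0 = [(40000, 12, 2), (900000, 15, 1), (500000, 9, 3),
      (60000, 4000, 2), (45000, 5200, 1), (80000, 4600, 3)]
Y0 = ["normal"] * 3 + ["attack"] * 3
X_NEW, Y_NEW = [(600000, 10, 9000), (750000, 14, 8000)], ["attack"] * 2  # ICMP flood
```

Trained on `X0` alone, the single-variable threshold wins and is blind to an ICMP flood; after `update(X_NEW, Y_NEW)` its leave-one-out accuracy drops and the detector switches to the multi-variable model.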