Abstract
Network anomaly detection has become an important area as the number of security threats to network systems increases. The Distributed Denial of Service (DDoS) attack is a significant threat with serious consequences for network services. In this paper, a DDoS attack detection algorithm is proposed that is based on different graph features such as indegree, outdegree, betweenness, and eigenvector centrality. These features measure the importance of nodes such as source and destination IP addresses, and they give information about the structure of the network. Using these features, the normal and attack behaviors of the network are modeled. In addition, by applying a fuzzy clustering algorithm to these features, suspicious and reliable IP addresses are detected efficiently. The algorithm is tested on real data collected from the Boğaziçi University network.
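A minimal sketch of the idea in the abstract, added here as an illustration and not taken from the paper: it builds a directed graph from constructed (source, destination) flow records, uses only indegree and outdegree over distinct peers as features (betweenness and eigenvector centrality are left out), and applies two-cluster fuzzy c-means. The sample flows, function names, seeding and cluster count are assumptions.

```python
import math

# Constructed flow records (src, dst) using documentation address ranges:
# 40 sources contact one destination, plus a little ordinary traffic.
FLOWS = [("192.0.2.%d" % i, "198.51.100.10") for i in range(1, 41)]
FLOWS += [("192.0.2.1", "198.51.100.20"), ("192.0.2.2", "198.51.100.21"),
          ("198.51.100.20", "192.0.2.1"), ("198.51.100.21", "198.51.100.20")]

def degree_features(flows):
    """Map each IP to (indegree, outdegree), counted over distinct peers."""
    preds, succs = {}, {}
    for src, dst in flows:
        succs.setdefault(src, set()).add(dst)
        preds.setdefault(dst, set()).add(src)
        preds.setdefault(src, set())
        succs.setdefault(dst, set())
    return {ip: (len(preds[ip]), len(succs[ip])) for ip in preds}

def memberships(points, centers, m):
    """Fuzzy membership of every point in every cluster; each row sums to 1."""
    rows = []
    for p in points:
        d = [max(math.dist(p, c), 1e-9) for c in centers]  # clamp: a point may sit on a center
        rows.append([1.0 / sum((dk / dj) ** (2 / (m - 1)) for dj in d) for dk in d])
    return rows

def fuzzy_cmeans(points, centers, m=2.0, iters=50):
    """Fuzzy c-means with a fixed iteration count; returns (centers, memberships)."""
    dims = range(len(points[0]))
    for _ in range(iters):
        u = memberships(points, centers, m)
        centers = [tuple(sum(r[k] ** m * p[j] for r, p in zip(u, points)) /
                         sum(r[k] ** m for r in u) for j in dims)
                   for k in range(len(centers))]
    return centers, memberships(points, centers, m)

def anomaly_membership(flows):
    """Return {ip: membership in the high-degree cluster} for a two-cluster split."""
    feats = degree_features(flows)
    ips = sorted(feats)
    pts = [feats[ip] for ip in ips]
    seeds = [min(pts, key=sum), max(pts, key=sum)]  # assumed deterministic initial centers
    centers, u = fuzzy_cmeans(pts, seeds)
    hot = max(range(len(centers)), key=lambda k: sum(centers[k]))
    return {ip: u[i][hot] for i, ip in enumerate(ips)}

if __name__ == "__main__":
    for ip, score in sorted(anomaly_membership(FLOWS).items(), key=lambda kv: -kv[1])[:3]:
        print(ip, round(score, 3))
```

On this sample the destination contacted by 40 distinct sources gets a membership near 1 in the high-degree cluster, while every other address stays near 0.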
This work is supported by the Scientific and Technological Research Council of Turkey (TUBITAK), under the Cloud–Based Privileged Access Management System Project, Project No. 117R030.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Ateş, Ç., Özdel, S., Anarım, E. (2020). Graph–Based Anomaly Detection Using Fuzzy Clustering. In: Kahraman, C., Cebi, S., Cevik Onar, S., Oztaysi, B., Tolga, A., Sari, I. (eds) Intelligent and Fuzzy Techniques in Big Data Analytics and Decision Making. INFUS 2019. Advances in Intelligent Systems and Computing, vol 1029. Springer, Cham. https://doi.org/10.1007/978-3-030-23756-1_42
DOI: https://doi.org/10.1007/978-3-030-23756-1_42
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23755-4
Online ISBN: 978-3-030-23756-1
eBook Packages: Intelligent Technologies and Robotics (R0)