Abstract
In the authors’ opinion, anomaly detection systems, or ADS, seem to be the most perspective direction in the subject of attack detection, because these systems can detect, among others, the unknown (zero-day) attacks. To detect anomalies, the authors propose to use machine synesthesia. In this case, machine synesthesia is understood as an interface that allows using image classification algorithms in the problem of detecting network anomalies, making it possible to use non-specialized image detection methods that have recently been widely and actively developed. The proposed approach is that the network traffic data is “projected” into the image. It can be seen from the experimental results that the proposed method for detecting anomalies shows high results in the detection of attacks. On a large sample, the value of the complex efficiency indicator reaches 97%.
This report contains results of the research project supported by Russian Foundation for Basic Research, grants no. 18-07-01109, 16-47-330055.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Wu H., Luk R., Wong K., and Kwok K.: Interpreting TF-IDF term weights as making relevance decisions. ACM Transactions on Information Systems, vol. 26, no. 3, (2008).
References
Mohiuddin, A., Abdun, N.M., Jiankun, H.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60, 19–31 (2016)
Afontsev, E.: Network anomalies (2006). https://nag.ru/articles/reviews/15588/setevyie-anomalii.html
Berestov, A.A.: Architecture of intelligent agents based on a production system to protect against virus attacks on the Internet. In: XV All-Russian Scientific Conference Problems of Information Security in the Higher School System, pp. 180–276 (2008)
Galtsev, A.V.: System analysis of traffic to identify anomalous network conditions: the thesis for the Candidate Degree of Technical Sciences, Samara (2013)
Kornienko, A.A., Slyusarenko, I.M.: Intrusion Detection Systems and Methods: Current State and Direction of Improvement (2008). http://citforum.ru/security/internet/ids_overview/
Kussul, N., Sokolov, A.: Adaptive anomaly detection in the computer systems users behavior using Markov chains of variable order. Part 2: methods of detecting anomalies and the results of experiments. In: Informatics and Control Problems, no. 4, pp. 83–88 (2003)
Mirkes, E.M.: Neurocomputer: Draft Standard, pp. 150–176. Science, Novosibirsk (1999)
Tsvirko, D.A.: Prediction of a network attack route using production model methods (2012). http://academy.kaspersky.ru/downloads/academycup_participants/cvirko__d.ppt
Somayaji, A.: Automated response using system-call delays. In: USENIX Security Symposium 2000, pp. 185–197 (2000)
Ilgun, K.: USTAT: a real-time intrusion detection system for UNIX. In: Proceedings 1993 IEEE Symposium on Research in Security and Privacy, pp. 16–28. IEEE (1992)
Eskin, E., Lee, W., Stolfo, S.J.: Modeling system calls for intrusion detection with dynamic window sizes. In: Proceedings DARPA Information Survivability Conference and Exposition II, DISCEX 2001, vol. 1, pp. 165–175. IEEE (2001)
Ye, N., Xu, M., Emran, S.M.: Probabilistic networks with undirected links for anomaly detection. In: 2000 IEEE Workshop on Information Assurance and Security, West Point, NY (2000)
Michael, C.C., Ghosh, A.: Two state-based approaches to program-based anomaly detection. ACM Trans. Inf. Syst. Secur. 5(2), 203–237 (2002)
Garvey, T.D., Lunt, T.F.: Model-based intrusion detection. In: Proceedings of the 14th Nation Computer Security Conference, Baltimore, MD, vol. 17 (1991)
Theus, M., Schonlau, M.: Intrusion detection based on structural zeroes. Stat. Comput. Graph. Newsl. 9(1), 12–17 (1998)
Tan, K.: The application of neural networks to UNIX computer security. In: IEEE International Conference on Neural Networks, Perth, Australia, vol. 1, pp. 476–481 (1995)
Ilgun, K., Kemmerer, R.A., Porras, P.A.: State transition analysis: a rule-based intrusion detection system. IEEE Trans. Softw. Eng. 21(3), 181–199 (1995)
Eskin, E.: Anomaly detection over noisy data using learned probability distributions. In: 17th International Conference on Machine Learning, pp. 255–262. Morgan Kaufmann, San Francisco (2000)
Ghosh, K., Schwartzbard, A., Schatz, M.: Learning program behavior profiles for intrusion detection. In: 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, pp. 51–62 (1999)
Ye, N.: A Markov chain model of temporal behavior for anomaly detection. In: 2000 IEEE Systems, Man, and Cybernetics, Information Assurance and Security Workshop. IEEE (2000)
Axelsson, S.: The base-rate fallacy and its implications for the difficulty of intrusion detection. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 1–7. ACM, New York (1999). https://doi.org/10.1145/319709.319710
Chikalov, I., Moshkov, M., Zielosko, B.: Optimization of decision rules based on methods of dynamic programming. Vestnik of Lobachevsky State University of Nizhni Novgorod 6, 195–200 (2010)
Chen, C.H.: Handbook of Pattern Recognition and Computer Vision. University of Massachusetts Dartmouth, Dartmouth (2015)
Gantmacher, F.R.: The Theory of Matrices. Science, Moscow (1968)
Murty, M.N., Devi, V.S.: Pattern Recognition: An Algorithmic Approach, pp. 93–94. Springer, Heidelberg (2011)
Lowe, D.G.: Distinctive image features from scale-invariant keypoints (2004). http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.157.3843&rep=rep1&type=pdf
Clustering with K-means in Python (2013). https://datasciencelab.wordpress.com/2013/12/12/clustering-with-k-means-in-python
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Monakhov, Y., Nikitin, O., Kuznetsova, A., Kharlamov, A., Amochkin, A. (2020). A Machine-Synesthetic Approach to DDoS Network Attack Detection. In: Bi, Y., Bhatia, R., Kapoor, S. (eds) Intelligent Systems and Applications. IntelliSys 2019. Advances in Intelligent Systems and Computing, vol 1038. Springer, Cham. https://doi.org/10.1007/978-3-030-29513-4_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-29513-4_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29512-7
Online ISBN: 978-3-030-29513-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)