Abstract
The economic impact of (distributed) denial-of-service attacks is substantial, especially at a time when we rely on web applications more and more. That is why it is essential to detect such threats early and react before significant financial losses occur. In this paper, we focus on techniques for detecting this type of attack that make use of historical data. We discuss existing datasets, the features extracted from them and, finally, the detection methods themselves. The solutions covered in this work are based on supervised learning (k-NN, MLP, DNN), unsupervised learning (mostly modified K-Means) and anomaly detection in time series analysis (the ARIMA family of models).
© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Gniewkowski, M. (2020). An Overview of DoS and DDoS Attack Detection Techniques. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Theory and Applications of Dependable Computer Systems. DepCoS-RELCOMEX 2020. Advances in Intelligent Systems and Computing, vol 1173. Springer, Cham. https://doi.org/10.1007/978-3-030-48256-5_23
DOI: https://doi.org/10.1007/978-3-030-48256-5_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-48255-8
Online ISBN: 978-3-030-48256-5
eBook Packages: Intelligent Technologies and Robotics (R0)