Skip to main content
SpringerLink
Log in

An Overview of DoS and DDoS Attack Detection Techniques

  • Conference paper
  • First Online:
Theory and Applications of Dependable Computer Systems (DepCoS-RELCOMEX 2020)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1173))

Included in the following conference series:

Abstract

The economic impact of (distributed) denial-of-service attacks is substantial, especially at a time when we rely on web applications more and more often. That is why, it is essential to be able to detect such threats early and therefore react before significant financial losses. In this paper, we focus on techniques, for detecting this type of attacks, that use historical data. We will discuss existing datasets, extracted features and finally the methods themselves. The solutions mentioned in this work are based on supervised learning (k-NN, MLP, DNN), unsupervised learning (mostly modified K-Means) and anomaly detection in time series analysis (ARIMA models family).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. The 1998 DARPA intrusion detection evaluation dataset. https://www.ll.mit.edu/r-d/datasets/1998-darpa-intrusion-detection-evaluation-dataset. Accessed 05 Dec 2019

  2. The 1998 DARPA intrusion detection evaluation dataset. https://www.ll.mit.edu/r-d/datasets/1999-darpa-intrusion-detection-evaluation-dataset. Accessed 05 Dec 2019

  3. 2000 DARPA intrusion detection scenario specific datasets. https://www.ll.mit.edu/r-d/datasets/2000-darpa-intrusion-detection-scenario-specific-datasets. Accessed 05 Dec 2019

  4. The CAIDA UCSD DDoS attack 2007 dataset. http://www.caida.org/data/passive/ddos-20070804_dataset.xml. Accessed 05 Dec 2019

  5. The CICIDS DDoS attack 2017 dataset. https://www.unb.ca/cic/datasets/ids-2017.htm. Accessed 05 Dec 2019

  6. DDoS evaluation dataset (CICDDoS 2019). https://www.unb.ca/cic/datasets/ddos-2019.html. Accessed 05 Dec 2019

  7. Intrusion detection evaluation dataset (ISCXIDS 2012). https://www.unb.ca/cic/datasets/ids.html. Accessed 05 Dec 2019

  8. KDD CUP 1999 data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed 05 Dec 2019

  9. Al-Yaseen, W.L., Othman, Z.A., Nazri, M.Z.A.: Multi-level hybrid support vector machine and extreme learning machine based on modified k-means for intrusion detection system. Expert Syst. Appl. 67, 296–303 (2017)

    Article  Google Scholar 

  10. Bouzida, Y., Cuppens, F.: Detecting known and novel network intrusions. In: IFIP International Information Security Conference, pp. 258–270. Springer (2006)

    Google Scholar 

  11. Brockwell, P.J., Davis, R.A.: Introduction to Time Series and Forecasting. Springer, Cham (2016)

    Book  Google Scholar 

  12. Chen, J., Yang, Y.T., Hu, K.K., Zheng, H.B., Wang, Z.: DAD-MCNN: DDoS attack detection via multi-channel CNN. In: Proceedings of the 2019 11th International Conference on Machine Learning and Computing, pp. 484–488. ACM (2019)

    Google Scholar 

  13. Chen, Y., Ma, X., Wu, X.: DDoS detection algorithm based on preprocessing network traffic predicted method and chaos theory. IEEE Commun. Lett. 17(5), 1052–1054 (2013)

    Article  Google Scholar 

  14. Chonka, A., Singh, J., Zhou, W.: Chaos theory based detection against network mimicking DDoS attacks. IEEE Commun. Lett. 13(9), 717–719 (2009)

    Article  Google Scholar 

  15. Douligeris, C., Mitrokotsa, A.: DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput. Netw. 44(5), 643–666 (2004)

    Article  Google Scholar 

  16. Gu, Y., Li, K., Guo, Z., Wang, Y.: Semi-supervised k-means DDoS detection method using hybrid feature selection algorithm. IEEE Access 7, 64351–64365 (2019)

    Article  Google Scholar 

  17. Karig, D., Lee, R.: Remote denial of service attacks and countermeasures. Princeton University Department of Electrical Engineering Technical report CE-L2001-002 17 (2001)

    Google Scholar 

  18. Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: Analysis and results of the 1999 DARPA off-line intrusion detection evaluation. In: International Workshop on Recent Advances in Intrusion Detection, pp. 162–182. Springer (2000)

    Google Scholar 

  19. Lippmann, R.P., Fried, D.J., Graf, I., Haines, J.W., Kendall, K.R., McClung, D., Weber, D., Webster, S.E., Wyschogrod, D., Cunningham, R.K., et al.: Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. In: Proceedings DARPA Information Survivability Conference and Exposition. DISCEX 2000. vol. 2, pp. 12–26. IEEE (2000)

    Google Scholar 

  20. Mahoney, M.V., Chan, P.K.: An analysis of the 1999 DARPA/Lincoln laboratory evaluation data for network anomaly detection. In: International Workshop on Recent Advances in Intrusion Detection, pp. 220–237. Springer (2003)

    Google Scholar 

  21. McHugh, J.: Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans. Inf. Syst. Secur. (TISSEC) 3(4), 262–294 (2000)

    Article  Google Scholar 

  22. Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)

    Article  Google Scholar 

  23. Nezhad, S.M.T., Nazari, M., Gharavol, E.A.: A novel DoS and DDoS attacks detection algorithm using arima time series model and chaotic system in computer networks. IEEE Commun. Lett. 20(4), 700–703 (2016)

    Article  Google Scholar 

  24. Nguyen, H.V., Choi, Y.: Proactive detection of DDoS attacks utilizing k-NN classifier in an anti-DDoS framework. Int. J. Electr. Comput. Syst. Eng. 4(4), 247–252 (2010)

    Google Scholar 

  25. Pinkas, B., Sander, T.: Securing passwords against dictionary attacks. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 161–170 (2002)

    Google Scholar 

  26. Pramana, M.I.W., Purwanto, Y., Suratman, F.Y.: DDoS detection using modified k-means clustering with chain initialization over landmark window. In: 2015 International Conference on Control, Electronics, Renewable Energy and Communications (ICCEREC), pp. 7–11. IEEE (2015)

    Google Scholar 

  27. Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, pp. 108–116 (2018)

    Google Scholar 

  28. Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357–374 (2012)

    Article  Google Scholar 

  29. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6. IEEE (2009)

    Google Scholar 

  30. Vafeiadis, T., Papanikolaou, A., Ilioudis, C., Charchalakis, S.: Real-time network data analysis using time series models. Simul. Model. Pract. Theory 29, 173–180 (2012)

    Article  Google Scholar 

  31. Wolf, A., Swift, J.B., Swinney, H.L., Vastano, J.A.: Determining lyapunov exponents from a time series. Physica D 16(3), 285–317 (1985)

    Article  MathSciNet  Google Scholar 

  32. Yaacob, A.H., Tan, I.K., Chien, S.F., Tan, H.K.: Arima based network anomaly detection. In: 2010 Second International Conference on Communication Software and Networks, pp. 205–209. IEEE (2010)

    Google Scholar 

  33. Yuan, X., Li, C., Li, X.: DeepDefense: identifying DDoS attack via deep learning. In: 2017 IEEE International Conference on Smart Computing (SMARTCOMP), pp. 1–8. IEEE (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Electronics, Wrocław University of Science and Technology, Wrocław, Poland

    Mateusz Gniewkowski

Authors
  1. Mateusz Gniewkowski
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mateusz Gniewkowski .

Editor information

Editors and Affiliations

  1. Wrocław University of Science and Technology, Wrocław, Poland

    Wojciech Zamojski

  2. Wrocław University of Science and Technology, Wrocław, Poland

    Jacek Mazurkiewicz

  3. Wrocław University of Science and Technology, Wrocław, Poland

    Jarosław Sugier

  4. Wrocław University of Science and Technology, Wrocław, Poland

    Tomasz Walkowiak

  5. Systems Research Institute, Polish Academy of Sciences, Warsaw, Poland

    Janusz Kacprzyk

Rights and permissions

Reprints and permissions

Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gniewkowski, M. (2020). An Overview of DoS and DDoS Attack Detection Techniques. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Theory and Applications of Dependable Computer Systems. DepCoS-RELCOMEX 2020. Advances in Intelligent Systems and Computing, vol 1173. Springer, Cham. https://doi.org/10.1007/978-3-030-48256-5_23

Download citation

Publish with us

Policies and ethics

Search

Navigation