Abstract
Detecting Denial of Service (DoS) attacks and raising an early alert are essential to making appropriate decisions that minimize their negative impact. DoS attacks have been catalogued as having a high catastrophic index and as hard to defend against. Our study presents advances in the area of computer security against DoS attacks. This chapter presents a flexible method capable of effectively tackling and overcoming the challenge of DoS (and distributed DoS) attacks using CISDAD (Computer Intelligent System for DoS Attacks Detection). It is a hybrid intelligent system with a modular structure: a pre-processing module (non-neural) and a processing module based on Kohonen Self-Organizing artificial neural networks. The proposed system introduces automatic differential detection of several kinds of Normal Traffic and several kinds of Toxic Traffic, clustering them according to their Transport-Layer-Protocol behavior. Two computational studies of CISDAD working with real network traffic are described, showing a high level of effectiveness in the CISDAD detection process. Finally, the chapter introduces the possibility of adapting CISDAD specifically to the Healthcare environment.
© 2012 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
del Pino, M.Á.P., Báez, P.G., López, P.F., Araujo, C.P.S. (2012). Self-Organizing Maps for Early Detection of Denial of Service Attacks. In: Fodor, J., Klempous, R., Suárez Araujo, C.P. (eds) Recent Advances in Intelligent Engineering Systems. Studies in Computational Intelligence, vol 378. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23229-9_9
DOI: https://doi.org/10.1007/978-3-642-23229-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23228-2
Online ISBN: 978-3-642-23229-9
eBook Packages: Engineering (R0)