Self-Organizing Maps for Early Detection of Denial of Service Attacks

  • Chapter
Recent Advances in Intelligent Engineering Systems

Abstract

Detection and early alerting of Denial of Service (DoS) attacks are essential for making appropriate decisions that minimize their negative impact. DoS attacks have been catalogued as having a high catastrophic index and as hard to defend against. Our study presents advances in the area of computer security against DoS attacks. In this chapter, a flexible method is presented that is capable of effectively tackling and overcoming the challenge of DoS (and distributed DoS) attacks using CISDAD (Computer Intelligent System for DoS Attacks Detection). It is a hybrid intelligent system with a modular structure: a pre-processing module (non-neural) and a processing module based on Kohonen Self-Organizing artificial neural networks. The proposed system introduces automatic differential detection of several types of Normal Traffic and several types of Toxic Traffic, clustering them according to their Transport-Layer-Protocol behavior. Two computational studies of CISDAD working with real network traffic are described, showing a high level of effectiveness in the CISDAD detection process. Finally, the chapter introduces the possibility of adapting CISDAD specifically to the Healthcare environment.

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

del Pino, M.Á.P., Báez, P.G., López, P.F., Araujo, C.P.S. (2012). Self-Organizing Maps for Early Detection of Denial of Service Attacks. In: Fodor, J., Klempous, R., Suárez Araujo, C.P. (eds) Recent Advances in Intelligent Engineering Systems. Studies in Computational Intelligence, vol 378. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23229-9_9

  • DOI: https://doi.org/10.1007/978-3-642-23229-9_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23228-2

  • Online ISBN: 978-3-642-23229-9

  • eBook Packages: Engineering, Engineering (R0)
