DDoS Attacks Detection Using GA based Optimized Traffic Matrix

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "DDoS Attacks Detection Using GA based Optimized Traffic Matrix"

Transcription

1 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing DDoS Attacks Detection Using GA based Optimized Traffic Matrix Je Hak Lee Dong Seong Kim Electrical&Computer Eng. Duke University USA Sang Min Lee Jong Sou Park Abstract Threat of Distributed Denial of Service (DDoS) attacks has been increasing with growth of computer and network infrastructures. DDoS attacks generating mass traffics make network bandwidth and/or system resources depleted. Therefore, it is significant to detect DDoS attacks in early stage. Our previous approach used a traffic matrix to detect DDoS attack. However, it is hard to tune up the parameters of the matrix including (i) size of traffic matrix, (ii) packet based window size, and (iii) threshold value of variance from packets information with respect to various monitoring environments and DDoS attacks. In this paper, we propose an enhanced DDoS attacks detection approach which (i) improves the traffic matrix building operation and (ii) optimizes the parameters of the traffic matrix using Genetic Algorithm (GA). We perform experiments with DARPA 2000 dataset and LBL-PKT-4 dataset of Lawrence Berkeley Laboratory to show its performance in terms of detection accuracy and speed. Keywords-DDoS attacks; intrusion detection; traffic matrix; genetic algorithm I. INTRODUCTION There are many kinds of security threats on the Internet. Distributed Denial of Service (DDoS) attacks have emerged as one of the most serious threats among others [16]. The intensity of DDoS attacks has become stronger according to improvement of network infrastructure. DDoS attacks are launched by generating an extremely large volume of traffics and they rapidly exhaust resources of target systems, such as network bandwidth and computing power. DDoS defense mechanisms can be classified into four categories which are prevention, detection, mitigation, and response [2]. When DDoS attacks occur, first step to thwart DDoS attacks is the detection and it should be done as quickly as possible. However, it is difficult to distinguish between DDoS attack and normal traffics, since DDoS attack traffics often do not contain malicious contents in the packets. Moreover, attackers forge their source addresses to conceal their locations and to make DDoS attacks more sophisticated [9]. DDoS detection schemes should guarantee both short detection delay and high detection rates with low false positives. Computational overheads should be also considered because a detection engine (or module) has to deal with large volume of real-time network traffic. The anomaly schemes which are effective to detect unknown intrusions have been researched with relying on monitoring IP attributes of incoming packets. Peng et al. [11] proposed a simple detection scheme using arrival rates of new source IP addresses but it takes at least over 10 seconds, which is not an appropriate detection delay. Feinstein et al. [3] presented entropy based statistical detection model that is computed on selected IP attributes of some consecutive packets. However, they did not perform any parameters optimization for their detection model so they could not provide optimal window size. In addition, Kim et al. [5] collected a baseline profile on various attribute combinations but the combined attributes increase computational overheads. In this paper, we propose a novel DDoS detection model using a revised traffic matrix from our previous work [6]. The traffic matrix is built up with packet based window and a simple hash function. It makes our proposed model effective in terms of processing overheads and detection delay. Therefore, our approach can be used to detect DDoS attacks at the early stage in a real-time. Furthermore, we use Genetic Algorithm (GA) for optimization of parameters used in the traffic matrix. The GA is a well-known heuristic approach to figure out an optimal value in large search space. To maximize detection rates, we optimize three parameters in our detection model; (i) size of traffic matrix, (ii) packet based window size, and (iii) threshold value of variance from packets information. Then, we carry out experiments on not only LBL-PKT-4 dataset but also DARPA 2000 dataset. The experimental results show the feasibility of our proposed approach. The rest of this paper is organized as follows. In Section 2, related work is presented in brief. Our proposed detection model is presented in Section 3. In Section 4, the experiments and analysis are described. Finally, we conclude this paper in Section 5. II. RELATED WORK Anomaly detection schemes mainly can be divided into following technical categories; rate limiting, data mining, and statistical analysis techniques. Rate limiting techniques are easy to understand and implement as well. They are too simple to detect sophisticated intrusions and it is hard to set up proper threshold values. Data mining techniques are used to build a detection model (classifier) that can discover profile of network features. Lee and Stolfo [7] built a classification model to detect anomalies. They achieved a /11 $ IEEE DOI /IMIS

2 reasonable success in terms of classifying normal and intrusion data. They also reduced misclassification rates by using additional statistical features. A meta-detection model [8] was proposed to improve their previous research. It used combined multiple detection models to increase detection accuracy but multiple models definitely make computation more complex. Many detection techniques have been proposed in the statistical analysis field. We introduce several statistical analysis based detection model, in particular, relying on monitoring IP attributes of arrival packets. Talpade et al. [14] proposed NOMAD which is a scalable and passive network monitoring system. It can detect attacks by analyzing IP packet header information such as time to live (TTL) field, packet delay variation, and traffic flow. It does not support a method for creating the classifier for the high-bandwidth traffic aggregate from distributed sources [2]. Peng et al. [11] proposed a simple detection scheme named Source IP address Monitoring (SIM) to detect high bandwidth attacks. The model monitors arrival rates of new source IP addresses and detects changes of them using a non-parametric Cumulative Sum (CUSUM) algorithm [1][15] which is more suitable for analyzing a complex network environment than parametric algorithm. Their approach showed high detection accuracy with low computational overheads. Attacks including subnet spoofed IP addresses [2][10] can be also detected by this model. However, their experimental results showed that detection delay is between 10 and seconds which are not a satisfactory in terms of the detection delay time for a realtime detection system. Feinstein et al. [3] proposed a statistical detection model to identify DDoS attacks by computing entropy and frequency-sorted distributions of specific IP attributes. The entropy could be calculated through a number of consecutive packets called as sliding window of fixed width. They implemented an entropy model as a plug-in for Snort [12][13] and performed experiments to validate it in various network traces. However, size of sliding window, a tunable parameter was not optimized. They set it from their experiential knowledge. Moreover, they did not concern about subnet spoofed attacks in their experiments. The aforementioned approaches do not satisfy several major requirements which should be achieved in DDoS detection approaches such as low processing overheads, short detection delay and high detection rates. Our model is operated in a real-time, since optimized traffic matrix which is constructed by a lightweight hash function. Packet based variable time window enables our model to detect DDoS attacks within very short period of time. The parameters for detection are optimized by GA, it guarantees very high detection rates. In addition, we show that our model can detect DDoS attacks including subnet spoofed packets and relatively low bandwidth attacks. The details of proposed detection model are presented in next section. III. PROPOSED DETECTION MODEL A. Overall Flow of Proposed Model No Start Genetic Algorithms sets three parameters 1. matrix size 2. packet based window size 3. threshold value, T Construct a traffic matrix for one window size Compute variance from the traffic matrix Variance < T? Alert Yes Figure 1. Overall flow of our proposed model Training Testing Figure 1 shows an overall flow of our proposed model. Our model can be divided into three main steps; parameters optimization using GA, traffic matrix construction, and calculation of variance. In the first step, GA optimizes three detection parameters with training dataset in order to maximize detection rates. The detection parameters consist of matrix size, packet based window size, and threshold value, T. In the second step, we build up the traffic matrix by extracting source IP addresses from inbound traffic stream and using a simple hash function to locate packets to the traffic matrix. The size of the traffic matrix and the number of packets for one traffic matrix are set by GA in the previous step. In the final step, variance is computed from the traffic matrix and we can decide whether inbound traffic is attack or normal through comparing the computed variance and a threshold value set by GA. Then, our proposed model alerts when DDoS attack is detected. Otherwise, the second and third steps are repeated continuously. Details of each step are presented in the following subsections

3 B. Parameters Optimization using Genetic Algorithm (GA) Yes End No Generation > 50 Start Initialize population of 30 Evaluation first population Selection operation (Roulette wheel) Crossover operation (Standard crossover) (Pc = 0.6) Mutation operation (Bit inversion) (Pm = 0.05) Evaluate Evolved population Figure 2. Overall flow of GA process Training It is necessary to figure out optimal values of three detection parameters in order to maximize detection rates since victims have different network environments. These parameters consist of traffic matrix size, the number of packets for a time window and a threshold value of variance which makes a decision whether the state of the network is normal or attack. We can get maximum detection rates by optimizing parameters for a corresponding network environment through GA. GA is a heuristic approach for figuring out an optimal value. It is mainly composed of selection, reproduction, and evaluation operations. Repeating these main operations leads to the evolution. An overall flow of GA is shown in Figure 2. We set the pool for parents population to 30. The initial population of 30 is set randomly and fitness function evaluates them with training data. Fitness of a chromosome is proportional to its detection rates. The selection operation elects a new parent group for the next generation. In our detection model, we adopt roulette wheel selection for the selection operation which is commonly used and derives good results. It gives candidates a chance to be selected for the next generation s parent according to their fitness. The candidate of which fitness is high has a high probability to be selected. Therefore, good chromosomes can be passed down the next generation. Roulette wheel selection also maintains the diversity of parent s chromosome because it does not exclude the candidates which have low fitness. Even if there are some candidates who have very low fitness, they still have a little chance to be selected as a parent of next generation. After the selection operation, GA processes a reproduction operation composed of crossover and mutation. In our detection model, we adopt a standard crossover operation. The standard crossover is one-point crossover operation. We set a crossover probability (P c ) for 0.6. Bit inversion is used for our mutation operation. The mutation operation helps the solution not to converge toward local optima. We set a mutation probability (P m ) for These values (P c, P m ) should also be set properly through experiential experiments. Otherwise, it may take very long time to get a solution or the local optima problem may be happened. We adopted ordinary value of probabilities for our reproduction parameters. Finally, the fitness function evaluates evolved chromosomes with training data. The above main operations are performed repeatedly until 50 generations. C. Traffic Matrix Construction inbound packets variable time window ex) 10 packets per 1 window H(x) n by n traffic matrix time t Figure 3. Construction of traffic matrices based on variable time window Traffic matrix can be built by capturing inbound traffic stream as shown in Figure 3. Time window is a period of time to make one traffic matrix. Length of each time window depends on amounts of the traffic stream. When a large volume of traffic streams comes into the victim s network, the time window becomes short and vice versa. The time window can be variable according to the network size/condition. All packets coming into the victim s network during one time window are mapped to a traffic matrix by a hash function using source IP addresses of the packets. The hash function produces coordinates for incoming packets to locate them in the traffic matrix. The flow of construction of a traffic matrix is shown in Figure 4. IPv4 address domain is too large to map all IP addresses to the traffic matrix. Since our detection model must run in a real-time environment, the traffic matrix has to have a reasonable size to construct it fast enough and to cover as many as incoming packets. We use a hash function to reduce the scale of the traffic matrix even though it sometimes makes a hash collision. However, the collision problem might be negligible because our model restricts the number of packets for one traffic matrix

4 Packets coming from the network B C B B A B A (2) where, µ M,,if M, 0 32bit Source IP address High 16bit Low 16bit Row = High 16bit mod n Column = Low 16bit mod n The variance (V) of a complete traffic matrix is given by Equation (2). M(i,j) presents an element which has (i, j) index of the traffic matrix (M). The k denotes the number of non-zero elements in M. If the hash collision does not happen during the operation, the k will be equal to the number of source IP addresses. j IV. EXPERIMENTS AND ANALYSIS A. Experimental s 1 TABLE I. DATASETS FOR EXPERIMENTS i 4 Increment value of (i, j) in Traffic Matrix 2 IP spoofing Duration (sec) The number of compromised hosts Average pps LBL-PKT-4 N/A 360 N/A 250 n by n Traffic Matrix DARPA 2000 LLDOS bit 6 Unknown 5500 Figure 4. Constructing a traffic matrix using the hash function i High 16bit of IP mod n j Low 16bit of IP mod n (1) IPv4 address format consists of four octets. In our previous work [6], we used a value that first (third) octet multiplied by second (fourth) octet to calculate index (i, j). It caused more hash collision than using directly the octets. Equation (1) shows that the hash function divides a 32bit source IP address into high and low 16bit address; first two octets and last two octets. Modular operation is applied to each 16bit address to compute an index of a packet. The high 16bit address is divided by the row size of the traffic matrix and the remainder (i) is used as an index of the row. The low 16bit address is divided by the column size of the traffic matrix and the remainder (j) is used as an index of the column. The value of a corresponding element on the index (i, j) is increased by 1. If there is no hash collision, it will indicate the number of incoming packets which have the same IP address during a time window as shown in Figure 3. D. Variance Computation The variance which presents a dispersion of the incoming traffic can be derived from a complete traffic matrix. The variance of DDoS attack traffic which comes from various sources or forges its source IP address by using random generator is much lower than the variance of normal traffic since the packets which have a randomly generated source IP address are spread out to the traffic matrix uniformly. V 1 k M, µ,if M, 0 We used two datasets in our experiments; LBL-PKT-4 and DARPA 2000 LLDOS 1.0 datasets. Their properties, such as IP spoofing, duration, the number of compromised hosts, and packets per second (pps) on average, are summarized in Table 1. LBL-PKT-4 dataset of Lawrence Berkeley Laboratory was used as normal traffic data. It is a normal traffic trace from 14:00 to 15:00 on Friday, January 21, We extracted first 6 minutes trace from LBL-PKT- 4 dataset for our experiments. The trace is provided with sanitized IP addresses due to a privacy problem. It means that the IP addresses have been renumbered as a positive integer. We converted the sanitized source IP addresses to IPv4 format since our proposed model needs IPv4 format as source IP addresses to construct a traffic matrix. DARPA 2000 LLDOS 1.0 dataset [17] was used as attack traffic data. DARPA 2000 LLDOS 1.0 dataset is a DDoS attack scenario which has been carried out over multiple network and audit sessions. These sessions consist of 5 phases. We employed only the fifth phase traffic because it contains flood attack traffic with 6 seconds duration among the five phases. Therefore, the rest of the phases, first to fourth phases, were not used in our experiments. We combined DARPA 2000 LLDOS 1.0 attack dataset with LBL-PKT-4 normal dataset together and used it for our experiment. B. Experiments for subnet IP spoofed DDoS attacks detection We carried out experiments on DARPA 2000 LLDOS 1.0 dataset. The dataset have volume of attack traffic around 5500pps. Duration is 6 seconds and the entire field of source IP address was generated randomly. Most of flood traffic of DARPA 2000 LLDOS 1.0 dataset can be filtered by ingress/egress filtering techniques [4] which are widely deployed. We used GA to optimize parameters and Table 2 shows the experimental results

5 DARPA 2000 LLDOS LBL- PKT-4 Matrix Size TABLE II. The number of packets for a window OPTIMIZATION RESULT Threshold value T Detection Rates Detection Delay (sec) 86 by The optimized parameters may provide high detection rates and short detection delay. Figure 5 shows changes of variance. In Figure 5, each point indicates value of variance derived from a complete traffic matrix. When attack traffic comes between 30 and 36 seconds, the variance becomes lower than threshold value, T, which means that attack is detected. Another marked difference during attack phase is interval between derived variances which represents updating speed. These experimental results showed that our proposed detection model can response to DDoS attacks almost immediately with high accuracy regardless of subnet spoofing technique. Figure 5. Variance VS. time on DARPA 2000 LLDOS 1.0 with LBL-PKT-4 The experimental results showed that our detection model is very accurate and does not need much time to response to DDoS attacks. Also, all three detection parameters were well optimized by GA as it had the highest detection rates. The optimized parameters made our detection model run in different network environments regardless of volume of attack traffic. V. CONCLUSION In this paper, we have proposed a novel detection model to detect the DDoS attacks using the dispersibility of the inbound packets source IP addresses. We have employed a traffic matrix based approach and optimized parameters used in detection through Genetic Algorithm (GA). We showed that our approach meet the major requirements of detection approach such as low processing overheads, short detection delay and high detection rates. Our model can be used in a real-time network environment and it can be implemented easily. Constructing a traffic matrix requires only two fields of IP header such as arrival time of packet and source IP address. A simple hash function was also adopted to locate packets to the traffic matrix. Variable window based on the number of incoming packets makes our model effective in terms of detection delay. Our detection model can also maximize the detection rates by optimizing detection parameters according to corresponding network environments through GA. REFERENCES [1] B. E. Brodsky and B. S. Darkhovsky, Nonparametric Methods in Change-point Problems, Kluwer Academic Publishers, [2] C. Douligeris and A. Mitrokotsa, DDoS Attacks and Defense Mechanisms: Classification and State-of-the-Art, Computer Networks, Vol. 44, No. 5, pp , April [3] L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, Statistical Approaches to DDoS Attack Detection and Response, In Proc. of DARPA Information Survivability Conf. and Exposition, pp , [4] T. Killalea, Recommended Internet Service Provider Security Services and Procedures, IETF RFC 3013, November [5] Y. Kim, J.-Y. Jo, and K. Suh, Baseline Profile Stability for Network Anomaly Detection, In Proc. of the 3 rd Int. Conf. on Information Technology: New Generations, pp , April [6] T. Kim, D. Kim, S. Lee, and J. Park, Detecting DDoS Attacks Using Dispersible Traffic Matrix and Weighted Moving Average, In Proc. 3 rd Conf. on Information Security and Assurance, Lecture Notes in Computer Science, Vol. 5567, pp , June [7] W. Lee and S. J. Stolfo, Data Mining Approaches for Intrusion Detection, In Proc. of the 7 th USENIX Security Symp., pp , January [8] W. Lee, S. J. Stolfo, and K. W. Mok, A Data Mining Framework for Building Intrusion Detection Models, In Proc. of the 1999 IEEE Symp. on Security and Privacy, pp , May [9] J. Li, J. Mirkovic, M. Wang, P. Reiher, and L. Zhang, SAVE: Source Address Validity Enforcement Protocol, In Proc. Of INFOCOM 2002, Vol. 3, pp , June [10] J. Mirkovic and P. Reiher, A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms, ACM SIGCOMM Computer Comm. Rev., Vol. 34, No. 2, pp , April [11] T. Peng, C. Leckie, and R. Kotagiri, Proactively Detecting DDoS Attack Using Source IP Address Monitoring, In Proc. of 3 rd Int. IFIP-TC6 Networking Conf., Lecture Notes in Computer Science, Vol. 3042, pp , May [12] M. Roesch, Snort - Lightweight Intrusion Detection for Networks, In Proc. of the 13 th USENIX Conf. on System Administration, pp , November [13] M. Roesch, Snort Users Manual: Snort Release 1.8.5, March [14] R. R. Talpade, G. Kim, and S. Khurana, NOMAD: Traffic-Based Network Monitoring Framework for Anomaly Detection, In Proc. of the 4 th IEEE Symp. on Computers and Comm., July [15] H. Wang, D. Zhang, and K. G. Shin, Detecting SYN Flooding Attacks, In Proc. of IEEE INFOCOM, Vol. 3, pp , June [16] Arbor networks, "World Wide Infrastructure Security Report 2008," [17] MIT Lincoln lab (2000), DARPA intrusion detection scenario specific datasets, Available from < ta/index.html>

Detecting DDoS Attacks Using Dispersible Traffic Matrix and Weighted Moving Average

Detecting DDoS Attacks Using Dispersible Traffic Matrix and Weighted Moving Average Detecting DDoS Attacks Using Dispersible Traffic Matrix and Weighted Moving Average Tae Hwan Kim 1, Dong Seong Kim 2, Sang Min Lee 1, and Jong Sou Park 1 1 Dept. of Computer Engineering, Korea Aerospace

More information

ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS

ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS Saulius Grusnys, Ingrida Lagzdinyte Kaunas University of Technology, Department of Computer Networks, Studentu 50,

More information

Approach Using Genetic Algorithm for Intrusion Detection System

Approach Using Genetic Algorithm for Intrusion Detection System Approach Using Genetic Algorithm for Intrusion Detection System 544 Abhijeet Karve Government College of Engineering, Aurangabad, Dr. Babasaheb Ambedkar Marathwada University, Aurangabad, Maharashtra-

More information

Discriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric

Discriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric Discriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric HeyShanthiniPandiyaKumari.S 1, Rajitha Nair.P 2 1 (Department of Computer Science &Engineering,

More information

Multivariate Correlation Analysis based detection of DOS with Tracebacking

Multivariate Correlation Analysis based detection of DOS with Tracebacking 1 Multivariate Correlation Analysis based detection of DOS with Tracebacking Jasheeda P Student Department of CSE Kathir College of Engineering Coimbatore jashi108@gmail.com T.K.P.Rajagopal Associate Professor

More information

EXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS

EXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS EXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS Andry Putra Fajar and Tito Waluyo Purboyo Faculty of Electrical Engineering,

More information

Hardware Supports for Network Traffic Anomaly Detection

Hardware Supports for Network Traffic Anomaly Detection Hardware Sups for Network Traffic Anomaly Detection Dae-won Kim and Jin-tae Oh Electronics and Telecommunications Research Institute in Korea Abstract - Modern network systems are plagued with unknown

More information

Measuring Defence Systems Against Flooding Attacks

Measuring Defence Systems Against Flooding Attacks Measuring Defence Systems Against Flooding Attacks Martine Bellaïche Génie Informatique, Ecole Polytechnique de Montréal Montréal, QC, CANADA email: martine.bellaiche@polymtl.ca Jean-Charles Grégoire INRS

More information

DDOS Attack Prevention Technique in Cloud

DDOS Attack Prevention Technique in Cloud DDOS Attack Prevention Technique in Cloud Priyanka Dembla, Chander Diwaker CSE Department, U.I.E.T Kurukshetra University Kurukshetra, Haryana, India Email: priyankadembla05@gmail.com Abstract Cloud computing

More information

The Study of Genetic Algorithm-based Task Scheduling for Cloud Computing

The Study of Genetic Algorithm-based Task Scheduling for Cloud Computing The Study of Genetic Algorithm-based Task Scheduling for Cloud Computing Sung Ho Jang, Tae Young Kim, Jae Kwon Kim and Jong Sik Lee School of Information Engineering Inha University #253, YongHyun-Dong,

More information

TO DETECT AND RECOVER THE AUTHORIZED CLI- ENT BY USING ADAPTIVE ALGORITHM

TO DETECT AND RECOVER THE AUTHORIZED CLI- ENT BY USING ADAPTIVE ALGORITHM TO DETECT AND RECOVER THE AUTHORIZED CLI- ENT BY USING ADAPTIVE ALGORITHM Anburaj. S 1, Kavitha. M 2 1,2 Department of Information Technology, SRM University, Kancheepuram, India. anburaj88@gmail.com,

More information

Correlation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks

Correlation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks Journal of Computer Science Original Research Paper Correlation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks 1 Ayyamuthukumar, D. and 2 S. Karthik 1 Department of CSE,

More information

A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS

A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS ISSN: 2229-6948 (ONLINE) ICTACT JOURNAL OF COMMUNICATION TECHNOLOGY, JUNE 2010, VOLUME: 01, ISSUE: 02 DOI: 10.21917/ijct.2010.0013 A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING

More information

A SYSTEM FOR DETECTION AND PRVENTION OF PATH BASED DENIAL OF SERVICE ATTACK

A SYSTEM FOR DETECTION AND PRVENTION OF PATH BASED DENIAL OF SERVICE ATTACK A SYSTEM FOR DETECTION AND PRVENTION OF PATH BASED DENIAL OF SERVICE ATTACK P.Priya 1, S.Tamilvanan 2 1 M.E-Computer Science and Engineering Student, Bharathidasan Engineering College, Nattrampalli. 2

More information

DETECTION OF NETWORK ANOMALIES USING RANK TESTS

DETECTION OF NETWORK ANOMALIES USING RANK TESTS DETECTION OF NETWORK ANOMALIES USING RANK TESTS Céline Lévy-Leduc CNRS/LTCI/Télécom ParisTech 37/39, Rue Dareau - 754 Paris - Email: celine.levy-leduc@telecom-paristech.fr ABSTRACT We propose a novel and

More information

An Authentication Based Source Address Spoofing Prevention Method Deployed in IPv6 Edge Network

An Authentication Based Source Address Spoofing Prevention Method Deployed in IPv6 Edge Network An Authentication Based Source Address Spoofing Prevention Method Deployed in IPv6 Edge Network Lizhong Xie, Jun Bi, and Jianpin Wu Network Research Center, Tsinghua University, Beijing, 100084, China

More information

Basic Concepts in Intrusion Detection

Basic Concepts in Intrusion Detection Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification

More information

DDoS Attack Detection Using Moment in Statistics with Discriminant Analysis

DDoS Attack Detection Using Moment in Statistics with Discriminant Analysis DDoS Attack Detection Using Moment in Statistics with Discriminant Analysis Pradit Pitaksathienkul 1 and Pongpisit Wuttidittachotti 2 King Mongkut s University of Technology North Bangkok, Thailand 1 praditp9@gmail.com

More information

Review on Data Mining Techniques for Intrusion Detection System

Review on Data Mining Techniques for Intrusion Detection System Review on Data Mining Techniques for Intrusion Detection System Sandeep D 1, M. S. Chaudhari 2 Research Scholar, Dept. of Computer Science, P.B.C.E, Nagpur, India 1 HoD, Dept. of Computer Science, P.B.C.E,

More information

Prof. N. P. Karlekar Project Guide Dept. computer Sinhgad Institute of Technology

Prof. N. P. Karlekar Project Guide Dept. computer Sinhgad Institute of Technology Volume 4, Issue 7, July 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Advance Deterministic

More information

Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack

Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack J.Anbu selvan 1, P.Bharat 2, S.Mathiyalagan 3 J.Anand 4 1, 2, 3, 4 PG Scholar, BIT, Sathyamangalam ABSTRACT:

More information

Role of Genetic Algorithm in Routing for Large Network

Role of Genetic Algorithm in Routing for Large Network Role of Genetic Algorithm in Routing for Large Network *Mr. Kuldeep Kumar, Computer Programmer, Krishi Vigyan Kendra, CCS Haryana Agriculture University, Hisar. Haryana, India verma1.kuldeep@gmail.com

More information

An Efficient and Practical Defense Method Against DDoS Attack at the Source-End

An Efficient and Practical Defense Method Against DDoS Attack at the Source-End An Efficient and Practical Defense Method Against DDoS Attack at the Source-End Yanxiang He Wei Chen Bin Xiao Wenling Peng Computer School, The State Key Lab of Software Engineering Wuhan University, Wuhan

More information

A Rule-Based Intrusion Alert Correlation System for Integrated Security Management *

A Rule-Based Intrusion Alert Correlation System for Integrated Security Management * A Rule-Based Intrusion Correlation System for Integrated Security Management * Seong-Ho Lee 1, Hyung-Hyo Lee 2, and Bong-Nam Noh 1 1 Department of Computer Science, Chonnam National University, Gwangju,

More information

Experience with SPM in IPv6

Experience with SPM in IPv6 Experience with SPM in IPv6 Mingjiang Ye, Jianping Wu, and Miao Zhang Department of Computer Science, Tsinghua University, Beijing, 100084, P.R. China yemingjiang@csnet1.cs.tsinghua.edu.cn {zm,jianping}@cernet.edu.cn

More information

A Genetic Algorithm-Based Approach for Energy- Efficient Clustering of Wireless Sensor Networks

A Genetic Algorithm-Based Approach for Energy- Efficient Clustering of Wireless Sensor Networks A Genetic Algorithm-Based Approach for Energy- Efficient Clustering of Wireless Sensor Networks A. Zahmatkesh and M. H. Yaghmaee Abstract In this paper, we propose a Genetic Algorithm (GA) to optimize

More information

Intrusion Detection with CUSUM for TCP-Based DDoS

Intrusion Detection with CUSUM for TCP-Based DDoS Intrusion Detection with CUSUM for TCP-Based DDoS Fang-Yie Leu and Wei-Jie Yang Department of Computer Science and Information Engineering, Tunghai University, Taiwan leufy@thu.edu.tw Abstract. DDoS(Distributed

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based

More information

Detecting Distributed Denial-of. of-service Attacks by analyzing TCP SYN packets statistically. Yuichi Ohsita Osaka University

Detecting Distributed Denial-of. of-service Attacks by analyzing TCP SYN packets statistically. Yuichi Ohsita Osaka University Detecting Distributed Denial-of of-service Attacks by analyzing TCP SYN packets statistically Yuichi Ohsita Osaka University Contents What is DDoS How to analyze packet Traffic modeling Method to detect

More information

AN EVOLUTIONARY APPROACH TO DISTANCE VECTOR ROUTING

AN EVOLUTIONARY APPROACH TO DISTANCE VECTOR ROUTING International Journal of Latest Research in Science and Technology Volume 3, Issue 3: Page No. 201-205, May-June 2014 http://www.mnkjournals.com/ijlrst.htm ISSN (Online):2278-5299 AN EVOLUTIONARY APPROACH

More information

A hierarchical network model for network topology design using genetic algorithm

A hierarchical network model for network topology design using genetic algorithm A hierarchical network model for network topology design using genetic algorithm Chunlin Wang 1, Ning Huang 1,a, Shuo Zhang 2, Yue Zhang 1 and Weiqiang Wu 1 1 School of Reliability and Systems Engineering,

More information

Design of NePID using Anomaly Traffic Analysis and Fuzzy Cognitive Maps. 비정상트래픽분석과퍼지인식도를이용한 NePID 설계

Design of NePID using Anomaly Traffic Analysis and Fuzzy Cognitive Maps. 비정상트래픽분석과퍼지인식도를이용한 NePID 설계 한국산학기술학회논문지 Vol. 10, No. 4, pp. 811-817, 2009 Design of NePID using Anomaly Traffic Analysis and Fuzzy Cognitive Maps Hyeock-Jin Kim 1, Sang-Ryul Ryu 1 and Se-Yul Lee 1* 1 Dept. of Computer Science, Chungwoon

More information

A New Selection Operator - CSM in Genetic Algorithms for Solving the TSP

A New Selection Operator - CSM in Genetic Algorithms for Solving the TSP A New Selection Operator - CSM in Genetic Algorithms for Solving the TSP Wael Raef Alkhayri Fahed Al duwairi High School Aljabereyah, Kuwait Suhail Sami Owais Applied Science Private University Amman,

More information

Flooding Attacks by Exploiting Persistent Forwarding Loops

Flooding Attacks by Exploiting Persistent Forwarding Loops Flooding Attacks by Exploiting Persistent Forwarding Jianhong Xia, Lixin Gao, Teng Fei University of Massachusetts at Amherst {jxia, lgao, tfei}@ecs.umass.edu ABSTRACT In this paper, we present flooding

More information

A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks

A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks S. Balachandran, D. Dasgupta, L. Wang Intelligent Security Systems Research Lab Department of Computer Science The University of

More information

INTRUSION DETECTION SYSTEM USING BIG DATA FRAMEWORK

INTRUSION DETECTION SYSTEM USING BIG DATA FRAMEWORK INTRUSION DETECTION SYSTEM USING BIG DATA FRAMEWORK Abinesh Kamal K. U. and Shiju Sathyadevan Amrita Center for Cyber Security Systems and Networks, Amrita School of Engineering, Amritapuri, Amrita Vishwa

More information

Network Routing Protocol using Genetic Algorithms

Network Routing Protocol using Genetic Algorithms International Journal of Electrical & Computer Sciences IJECS-IJENS Vol:0 No:02 40 Network Routing Protocol using Genetic Algorithms Gihan Nagib and Wahied G. Ali Abstract This paper aims to develop a

More information

Fighting Spam, Phishing and Malware With Recurrent Pattern Detection

Fighting Spam, Phishing and Malware With Recurrent Pattern Detection Fighting Spam, Phishing and Malware With Recurrent Pattern Detection White Paper September 2017 www.cyren.com 1 White Paper September 2017 Fighting Spam, Phishing and Malware With Recurrent Pattern Detection

More information

Combining Cross-Correlation and Fuzzy Classification to Detect Distributed Denial-of-Service Attacks*

Combining Cross-Correlation and Fuzzy Classification to Detect Distributed Denial-of-Service Attacks* Combining Cross-Correlation and Fuzzy Classification to Detect Distributed Denial-of-Service Attacks* Wei Wei 1, Yabo Dong 1, Dongming Lu 1, and Guang Jin 2 1 College of Compute Science and Technology,

More information

A Firewall Architecture to Enhance Performance of Enterprise Network

A Firewall Architecture to Enhance Performance of Enterprise Network A Firewall Architecture to Enhance Performance of Enterprise Network Hailu Tegenaw HiLCoE, Computer Science Programme, Ethiopia Commercial Bank of Ethiopia, Ethiopia hailutegenaw@yahoo.com Mesfin Kifle

More information

Preprocessing of Stream Data using Attribute Selection based on Survival of the Fittest

Preprocessing of Stream Data using Attribute Selection based on Survival of the Fittest Preprocessing of Stream Data using Attribute Selection based on Survival of the Fittest Bhakti V. Gavali 1, Prof. Vivekanand Reddy 2 1 Department of Computer Science and Engineering, Visvesvaraya Technological

More information

Genetic Algorithm Performance with Different Selection Methods in Solving Multi-Objective Network Design Problem

Genetic Algorithm Performance with Different Selection Methods in Solving Multi-Objective Network Design Problem etic Algorithm Performance with Different Selection Methods in Solving Multi-Objective Network Design Problem R. O. Oladele Department of Computer Science University of Ilorin P.M.B. 1515, Ilorin, NIGERIA

More information

DDoS PREVENTION TECHNIQUE

DDoS PREVENTION TECHNIQUE http://www.ijrst.com DDoS PREVENTION TECHNIQUE MADHU MALIK ABSTRACT A mobile ad hoc network (MANET) is a spontaneous network that can be established with no fixed infrastructure. This means that all its

More information

Detecting Spam Zombies By Monitoring Outgoing Messages

Detecting Spam Zombies By Monitoring Outgoing Messages International Refereed Journal of Engineering and Science (IRJES) ISSN (Online) 2319-183X, (Print) 2319-1821 Volume 5, Issue 5 (May 2016), PP.71-75 Detecting Spam Zombies By Monitoring Outgoing Messages

More information

ISSN: [Keswani* et al., 7(1): January, 2018] Impact Factor: 4.116

ISSN: [Keswani* et al., 7(1): January, 2018] Impact Factor: 4.116 IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY AUTOMATIC TEST CASE GENERATION FOR PERFORMANCE ENHANCEMENT OF SOFTWARE THROUGH GENETIC ALGORITHM AND RANDOM TESTING Bright Keswani,

More information

An Autonomic Framework for Integrating Security and Quality of Service Support in Databases

An Autonomic Framework for Integrating Security and Quality of Service Support in Databases An Autonomic Framework for Integrating Security and Quality of Service Support in Databases Firas Alomari The Volgenau School of Engineering George Mason University Daniel A. Menasce Department of Computer

More information

Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by

More information

Developing the Sensor Capability in Cyber Security

Developing the Sensor Capability in Cyber Security Developing the Sensor Capability in Cyber Security Tero Kokkonen, Ph.D. +358504385317 tero.kokkonen@jamk.fi JYVSECTEC JYVSECTEC - Jyväskylä Security Technology - is the cyber security research, development

More information

DDoS Detection in SDN Switches using Support Vector Machine Classifier

DDoS Detection in SDN Switches using Support Vector Machine Classifier Joint International Mechanical, Electronic and Information Technology Conference (JIMET 2015) DDoS Detection in SDN Switches using Support Vector Machine Classifier Xue Li1, a *, Dongming Yuan2,b, Hefei

More information

Fast and Evasive Attacks: Highlighting the Challenges Ahead

Fast and Evasive Attacks: Highlighting the Challenges Ahead Fast and Evasive Attacks: Highlighting the Challenges Ahead Moheeb Rajab, Fabian Monrose, and Andreas Terzis Computer Science Department Johns Hopkins University Outline Background Related Work Sampling

More information

CLASSIFICATION OF LINK BASED IDENTIFICATION RESISTANT TO DRDOS ATTACKS

CLASSIFICATION OF LINK BASED IDENTIFICATION RESISTANT TO DRDOS ATTACKS CLASSIFICATION OF LINK BASED IDENTIFICATION RESISTANT TO DRDOS ATTACKS 1 S M ZAHEER, 2 V.VENKATAIAH 1 M.Tech, Department of CSE, CMR College Of Engineering & Technology, Kandlakoya Village, Medchal Mandal,

More information

AN OPTIMIZATION GENETIC ALGORITHM FOR IMAGE DATABASES IN AGRICULTURE

AN OPTIMIZATION GENETIC ALGORITHM FOR IMAGE DATABASES IN AGRICULTURE AN OPTIMIZATION GENETIC ALGORITHM FOR IMAGE DATABASES IN AGRICULTURE Changwu Zhu 1, Guanxiang Yan 2, Zhi Liu 3, Li Gao 1,* 1 Department of Computer Science, Hua Zhong Normal University, Wuhan 430079, China

More information

EFFECT OF HALF-OPEN CONNECTION LIFETIME IN DEFENDING AGAINST DDOS ATTACK

EFFECT OF HALF-OPEN CONNECTION LIFETIME IN DEFENDING AGAINST DDOS ATTACK International Journal on Information Sciences and Computing, Vol.3, No.2, July 2009 33 EFFECT OF HALF-OPEN CONNECTION LIFETIME IN DEFENDING AGAINST DDOS ATTACK 1 2 S.Meenakshi, Dr.S.K.Srivatsa, 1 Assistant

More information

Network Security. Chapter 0. Attacks and Attack Detection

Network Security. Chapter 0. Attacks and Attack Detection Network Security Chapter 0 Attacks and Attack Detection 1 Attacks and Attack Detection Have you ever been attacked (in the IT security sense)? What kind of attacks do you know? 2 What can happen? Part

More information

C 1 Modified Genetic Algorithm to Solve Time-varying Lot Sizes Economic Lot Scheduling Problem

C 1 Modified Genetic Algorithm to Solve Time-varying Lot Sizes Economic Lot Scheduling Problem C 1 Modified Genetic Algorithm to Solve Time-varying Lot Sizes Economic Lot Scheduling Problem Bethany Elvira 1, Yudi Satria 2, dan Rahmi Rusin 3 1 Student in Department of Mathematics, University of Indonesia,

More information

2 An Integrated Victim-based Approach Against IP Packet Flooding Denial of Service

2 An Integrated Victim-based Approach Against IP Packet Flooding Denial of Service 2 An Integrated Victim-based Approach Against IP Packet Flooding Denial of Service Ruth M. Mutebi, Department of Networks, Faculty of Computing and IT Makerere University, Uganda, rmbabazi@tech.mak.ac.ug

More information

Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor

Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor -0- Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor Lambert Schaelicke, Matthew R. Geiger, Curt J. Freeland Department of Computer Science and Engineering University

More information

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks So we are proposing a network intrusion detection system (IDS) which uses a Keywords: DDoS (Distributed Denial

More information

Genetic Algorithms. Kang Zheng Karl Schober

Genetic Algorithms. Kang Zheng Karl Schober Genetic Algorithms Kang Zheng Karl Schober Genetic algorithm What is Genetic algorithm? A genetic algorithm (or GA) is a search technique used in computing to find true or approximate solutions to optimization

More information

Detection of DDoS Attack on the Client Side Using Support Vector Machine

Detection of DDoS Attack on the Client Side Using Support Vector Machine Detection of DDoS Attack on the Client Side Using Support Vector Machine Donghoon Kim * and Ki Young Lee** *Department of Information and Telecommunication Engineering, Incheon National University, Incheon,

More information

FFSc: a novel measure for low-rate and high-rate DDoS attack detection using multivariate data analysis

FFSc: a novel measure for low-rate and high-rate DDoS attack detection using multivariate data analysis SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks (206) Published online in Wiley Online Library (wileyonlinelibrary.com)..460 RESEARCH ARTICLE FFSc: a novel measure for low-rate and high-rate

More information

Detecting Denial of Service Intrusion Detection Aamir Islam Dept. of Computer Science, University of Central Punjab, Lahore, Pakistan.

Detecting Denial of Service Intrusion Detection Aamir Islam Dept. of Computer Science, University of Central Punjab, Lahore, Pakistan. Detecting Denial of Service Intrusion Detection Aamir Islam Dept. of Computer Science, University of Central Punjab, Lahore, Pakistan. aamir.islam@pcit.ucp.edu.pk Abstract Denial of Service (DoS) attack

More information

Towards Traffic Anomaly Detection via Reinforcement Learning and Data Flow

Towards Traffic Anomaly Detection via Reinforcement Learning and Data Flow Towards Traffic Anomaly Detection via Reinforcement Learning and Data Flow Arturo Servin Computer Science, University of York aservin@cs.york.ac.uk Abstract. Protection of computer networks against security

More information

Enhancement of the CBT Multicast Routing Protocol

Enhancement of the CBT Multicast Routing Protocol Enhancement of the CBT Multicast Routing Protocol Seok Joo Koh and Shin Gak Kang Protocol Engineering Center, ETRI, Korea E-mail: sjkoh@pec.etri.re.kr Abstract In this paper, we propose a simple practical

More information

Information Fusion Dr. B. K. Panigrahi

Information Fusion Dr. B. K. Panigrahi Information Fusion By Dr. B. K. Panigrahi Asst. Professor Department of Electrical Engineering IIT Delhi, New Delhi-110016 01/12/2007 1 Introduction Classification OUTLINE K-fold cross Validation Feature

More information

1. Introduction. 2. Motivation and Problem Definition. Volume 8 Issue 2, February Susmita Mohapatra

1. Introduction. 2. Motivation and Problem Definition. Volume 8 Issue 2, February Susmita Mohapatra Pattern Recall Analysis of the Hopfield Neural Network with a Genetic Algorithm Susmita Mohapatra Department of Computer Science, Utkal University, India Abstract: This paper is focused on the implementation

More information

TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS

TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS Mohammed Alenezi 1 and Martin J Reed 2 1 School of Computer Science and Electronic Engineering, University of Essex, UK mnmale@essex.ac.uk 2 School of Computer

More information

EFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV)

EFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV) Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 8, August 2014,

More information

Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation

Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation Yu Gu, Andrew McCallum, Don Towsley Department of Computer Science, University of Massachusetts, Amherst, MA 01003 Abstract We develop

More information

Impact of Hello Interval on Performance of AODV Protocol

Impact of Hello Interval on Performance of AODV Protocol Impact of Hello Interval on Performance of AODV Nisha Bhanushali Priyanka Thakkar Prasanna Shete ABSTRACT The multi-hop ad hoc networks are self organizing networks with dynamic topology. The reactive

More information

THE MULTI-TARGET FIRE DISTRIBUTION STRATEGY RESEARCH OF THE ANTI-AIR FIRE BASED ON THE GENETIC ALGORITHM. Received January 2011; revised May 2011

THE MULTI-TARGET FIRE DISTRIBUTION STRATEGY RESEARCH OF THE ANTI-AIR FIRE BASED ON THE GENETIC ALGORITHM. Received January 2011; revised May 2011 International Journal of Innovative Computing, Information and Control ICIC International c 2012 ISSN 1349-4198 Volume 8, Number 4, April 2012 pp. 2803 2810 THE MULTI-TARGET FIRE DISTRIBUTION STRATEGY

More information

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC INTRODUCTION: DDOS ATTACKS 1 DDOS ATTACKS Though Denial of Service (DoS) and Distributed Denial of Service (DDoS) have been common attack techniques used by malicious actors for some time now, organizations

More information

Low-rate and High-rate Distributed DoS Attack Detection Using Partial Rank Correlation

Low-rate and High-rate Distributed DoS Attack Detection Using Partial Rank Correlation Low-rate and High-rate Distributed DoS Attack Detection Using Partial Rank Correlation Monowar H. Bhuyan and Abhishek Kalwar Dept. of Computer Science & Engg. Kaziranga University, Jorhat-785006, Assam

More information

CHAPTER 5 ANT-FUZZY META HEURISTIC GENETIC SENSOR NETWORK SYSTEM FOR MULTI - SINK AGGREGATED DATA TRANSMISSION

CHAPTER 5 ANT-FUZZY META HEURISTIC GENETIC SENSOR NETWORK SYSTEM FOR MULTI - SINK AGGREGATED DATA TRANSMISSION CHAPTER 5 ANT-FUZZY META HEURISTIC GENETIC SENSOR NETWORK SYSTEM FOR MULTI - SINK AGGREGATED DATA TRANSMISSION 5.1 INTRODUCTION Generally, deployment of Wireless Sensor Network (WSN) is based on a many

More information

CHAPTER 6 HYBRID AI BASED IMAGE CLASSIFICATION TECHNIQUES

CHAPTER 6 HYBRID AI BASED IMAGE CLASSIFICATION TECHNIQUES CHAPTER 6 HYBRID AI BASED IMAGE CLASSIFICATION TECHNIQUES 6.1 INTRODUCTION The exploration of applications of ANN for image classification has yielded satisfactory results. But, the scope for improving

More information

DESIGN AND DEVELOPMENT OF MAC LAYER BASED DEFENSE ARCHITECTURE FOR ROQ ATTACKS IN WLAN

DESIGN AND DEVELOPMENT OF MAC LAYER BASED DEFENSE ARCHITECTURE FOR ROQ ATTACKS IN WLAN ------------------- CHAPTER 4 DESIGN AND DEVELOPMENT OF MAC LAYER BASED DEFENSE ARCHITECTURE FOR ROQ ATTACKS IN WLAN In this chapter, MAC layer based defense architecture for RoQ attacks in Wireless LAN

More information

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 11

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 11 Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 11 Attack prevention, detection and response Acknowledgments This course is based

More information

IP Traceback Based on Chinese Remainder Theorem

IP Traceback Based on Chinese Remainder Theorem IP Traceback Based on Chinese Remainder Theorem LIH-CHYAU WUU a, CHI-HSIANG HUNG b AND JYUN-YAN YANG a a Department of Computer Science and Information Engineering National Yunlin University of Science

More information

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 9

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 9 Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 9 Attacks and Attack Detection (Prevention, Detection and Response) Attacks and Attack

More information

Various Anti IP Spoofing Techniques

Various Anti IP Spoofing Techniques Various Anti IP Spoofing Techniques Sonal Patel, M.E Student, Department of CSE, Parul Institute of Engineering & Technology, Vadodara, India Vikas Jha, Assistant Professor, Department of CSE, Parul Institute

More information

A New Logging-based IP Traceback Approach using Data Mining Techniques

A New Logging-based IP Traceback Approach using Data Mining Techniques using Data Mining Techniques Internet & Multimedia Engineering, Konkuk University, Seoul, Republic of Korea hsriverv@gmail.com, kimsr@konuk.ac.kr Abstract IP Traceback is a way to search for sources of

More information

Distributed Optimization of Feature Mining Using Evolutionary Techniques

Distributed Optimization of Feature Mining Using Evolutionary Techniques Distributed Optimization of Feature Mining Using Evolutionary Techniques Karthik Ganesan Pillai University of Dayton Computer Science 300 College Park Dayton, OH 45469-2160 Dale Emery Courte University

More information

Communication Pattern Anomaly Detection in Process Control Systems

Communication Pattern Anomaly Detection in Process Control Systems Communication Pattern Anomaly Detection in Process Control Systems Sponsored by the Department of Energy National SCADA Test Bed Program Managed by the National Energy Technology Laboratory The views herein

More information

Security Enhanced Dynamic Routing using Quasigroups Mr. K.J. Pavithran Kumar 1 and Mr. D. Vivekananda Reddy 2

Security Enhanced Dynamic Routing using Quasigroups Mr. K.J. Pavithran Kumar 1 and Mr. D. Vivekananda Reddy 2 Security Enhanced Dynamic Routing using Quasigroups Mr. K.J. Pavithran Kumar 1 and Mr. D. Vivekananda Reddy 2 1 M.Tech Student in Computer Science and Engineering, Sri Venkateswara University, Tirupati.

More information

A Survey on Different IP Traceback Techniques for finding The Location of Spoofers Amruta Kokate, Prof.Pramod Patil

A Survey on Different IP Traceback Techniques for finding The Location of Spoofers Amruta Kokate, Prof.Pramod Patil www.ijecs.in International Journal Of Engineering And Computer Science ISSN: 2319-7242 Volume 4 Issue 12 Dec 2015, Page No. 15132-15135 A Survey on Different IP Traceback Techniques for finding The Location

More information

A New Perspective in Defending against DDoS

A New Perspective in Defending against DDoS A New Perspective in Defending against DDoS Shigang Chen Randy Chow Department of Computer & Information Science & Engineering University of Florida, Gainesville, FL 326, USA {sgchen, chow}@cise.ufl.edu

More information

Hybrid Feature Selection for Modeling Intrusion Detection Systems

Hybrid Feature Selection for Modeling Intrusion Detection Systems Hybrid Feature Selection for Modeling Intrusion Detection Systems Srilatha Chebrolu, Ajith Abraham and Johnson P Thomas Department of Computer Science, Oklahoma State University, USA ajith.abraham@ieee.org,

More information

Detection and Analysis of Distributed Denial-of-service in Internet of Things Employing Artificial Neural Network and Apache Spark Platform

Detection and Analysis of Distributed Denial-of-service in Internet of Things Employing Artificial Neural Network and Apache Spark Platform Sensors and Materials, Vol. 3, No. 4 (28) 857 867 MYU Tokyo 857 S & M 544 Detection and Analysis of Distributed Denial-of-service in Internet of Things Employing Artificial Neural Network and Apache Spark

More information

Anomaly Detection in Communication Networks

Anomaly Detection in Communication Networks Anomaly Detection in Communication Networks Prof. D. J. Parish High Speed networks Group Department of Electronic and Electrical Engineering D.J.Parish@lboro.ac.uk Loughborough University Overview u u

More information

A Hybrid Intrusion Detection System Of Cluster Based Wireless Sensor Networks

A Hybrid Intrusion Detection System Of Cluster Based Wireless Sensor Networks A Hybrid Intrusion Detection System Of Cluster Based Wireless Sensor Networks An efficient intrusion detection framework in cluster-based wireless sensor networks Paper: A lightweight hybrid security framework

More information

The Simple Genetic Algorithm Performance: A Comparative Study on the Operators Combination

The Simple Genetic Algorithm Performance: A Comparative Study on the Operators Combination INFOCOMP 20 : The First International Conference on Advanced Communications and Computation The Simple Genetic Algorithm Performance: A Comparative Study on the Operators Combination Delmar Broglio Carvalho,

More information

Detecting Distributed Denial-of-Service Attacks by analyzing TCP SYN packets statistically

Detecting Distributed Denial-of-Service Attacks by analyzing TCP SYN packets statistically Detecting Distributed Denial-of-Service Attacks by analyzing TCP SYN packets statistically Yuichi Ohsita Graduate School of Information Science and Technology, Osaka University 1-3 Machikaneyama, Toyonaka,

More information

A Modified Genetic Algorithm for Process Scheduling in Distributed System

A Modified Genetic Algorithm for Process Scheduling in Distributed System A Modified Genetic Algorithm for Process Scheduling in Distributed System Vinay Harsora B.V.M. Engineering College Charatar Vidya Mandal Vallabh Vidyanagar, India Dr.Apurva Shah G.H.Patel College of Engineering

More information

A Genetic Algorithm for Graph Matching using Graph Node Characteristics 1 2

A Genetic Algorithm for Graph Matching using Graph Node Characteristics 1 2 Chapter 5 A Genetic Algorithm for Graph Matching using Graph Node Characteristics 1 2 Graph Matching has attracted the exploration of applying new computing paradigms because of the large number of applications

More information

QoS Provisioning Using IPv6 Flow Label In the Internet

QoS Provisioning Using IPv6 Flow Label In the Internet QoS Provisioning Using IPv6 Flow Label In the Internet Xiaohua Tang, Junhua Tang, Guang-in Huang and Chee-Kheong Siew Contact: Junhua Tang, lock S2, School of EEE Nanyang Technological University, Singapore,

More information

Suppose you have a problem You don t know how to solve it What can you do? Can you use a computer to somehow find a solution for you?

Suppose you have a problem You don t know how to solve it What can you do? Can you use a computer to somehow find a solution for you? Gurjit Randhawa Suppose you have a problem You don t know how to solve it What can you do? Can you use a computer to somehow find a solution for you? This would be nice! Can it be done? A blind generate

More information

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT VOLUME 5, ISSUE 1 1ST QUARTER 2018 Complimentary report supplied by CONTENTS EXECUTIVE SUMMARY 3 VERISIGN-OBSERVED DDoS ATTACK TRENDS: Q1 2018 4 DDoS

More information

UNDERSTANDING AND EVALUATING THE IMPACT OF SAMPLING ON ANOMALY DETECTION TECHNIQUES

UNDERSTANDING AND EVALUATING THE IMPACT OF SAMPLING ON ANOMALY DETECTION TECHNIQUES UNDERSTANDING AND EVALUATING THE IMPACT OF SAMPLING ON ANOMALY DETECTION TECHNIQUES Georgios Androulidakis, Vasilis Chatzigiannakis, Symeon Papavassiliou, Mary Grammatikou and Vasilis Maglaris Network

More information