Traffic Flooding Attack Detection and Classification with SNMP MIB via SVDD and Sparse Representation
International Conference on Information System, Computer Engineering & Application (ICISCEA 2011)
© 2011 by OLS Journal - ISSN No: 2091-0266
Number 1
Year of Publication: December Issue, 2011
Authors: Jaehak Yu, Hansung Lee, Byung-Bog Lee, Myung-Sup Kim, Daihee Park
Citation
Jaehak Yu, Hansung Lee, Byung-Bog Lee, Myung-Sup Kim, Daihee Park: Traffic Flooding Attack Detection and Classification with SNMP MIB via SVDD and Sparse Representation. OLS Journals Special Issue on Information System, Computer Engineering & Application, 2011. Published by: OLS Journals
Abstract

Recently, as network flooding attacks such as DoS/DDoS and Internet worms have posed devastating threats to network services, rapid detection and a proper response mechanism have become the major concern for secure and reliable network services. However, most current Intrusion Detection Systems (IDSs) focus on detailed analysis of packet data, which results in late detection and a high system burden when coping with high-speed network traffic. In this paper we propose a lightweight and fast detection mechanism for traffic flooding attacks. Firstly, we use SNMP MIB statistical data gathered from SNMP agents instead of raw packet data captured from network links. Secondly, we use a machine learning approach based on Support Vector Data Description (SVDD) for attack detection and on sparse representation for attack classification. Using SVDD and sparse representation, we achieve fast detection with high accuracy, a minimal system burden, and extensibility for system deployment. It is shown that network attacks are detected with high efficiency and classified with low false alarms.
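The pipeline the abstract describes (poll MIB-II counters from an SNMP agent, turn the per-interval counter increments into a feature vector, flag windows that fall outside an SVDD boundary learned from normal traffic only, then classify flagged windows by sparse representation over a dictionary of labelled attack windows), as an added, self-contained Python example. It is not the authors' code. The object set, traffic profiles, jitter and polling values are constructed; the SVDD is the hard-margin, linear-kernel special case (the minimum enclosing ball of the normal windows, found with the Badoiu-Clarkson core-set iteration) rather than the kernelised soft-margin model the paper would train; and the sparse coefficients come from orthogonal matching pursuit rather than an l1 solver. Everything else (scaling by the normal-traffic mean, three attack classes, five dictionary atoms per class) is an assumption of this example.

```python
"""Constructed demo: MIB-II counter deltas -> SVDD detection -> sparse-representation classification."""
import math
import random

# Hypothetical mean per-interval increments of (ipInReceives, tcpInSegs, udpInDatagrams,
# icmpInMsgs, ifInOctets) for each traffic profile. Constructed values, not measurements.
PROFILES = {
    "normal":     (1_000, 700, 250, 50, 600_000),
    "syn_flood":  (21_000, 20_700, 250, 50, 1_800_000),    # +20k 60-byte SYNs
    "udp_flood":  (21_000, 700, 20_250, 50, 28_600_000),   # +20k 1400-byte datagrams
    "icmp_flood": (21_000, 700, 250, 20_050, 2_280_000),   # +20k 84-byte echo requests
}

def counter_delta(prev, cur, bits=32):
    """Increment between two polls of a Counter32/Counter64, tolerating one wrap."""
    return (cur - prev) % (1 << bits)

def make_window(profile, rng, jitter=0.10):
    """One feature vector: per-object increments with multiplicative jitter (synthetic)."""
    return [m * (1 + rng.uniform(-jitter, jitter)) for m in PROFILES[profile]]

def scale(x, ref):  # express each increment relative to its normal-traffic mean
    return [a / b for a, b in zip(x, ref)]

def dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))

def unit(v):
    return [x / dist(v, [0.0] * len(v)) for x in v]

def svdd_fit(points, iters=300):
    """Hard-margin, linear-kernel SVDD = minimum enclosing ball of the normal windows, found by
    the Badoiu-Clarkson core-set iteration (step a shrinking fraction toward the farthest point)."""
    c = list(points[0])
    for i in range(1, iters + 1):
        far = max(points, key=lambda q: dist(c, q))
        c = [ci + (fi - ci) / (i + 1) for ci, fi in zip(c, far)]
    return c, max(dist(c, q) for q in points)  # (centre, radius)

def svdd_detect(model, x):
    return dist(model[0], x) > model[1]  # outside the learned radius => flooding suspected

def least_squares(atoms, y, ridge=1e-9):
    """Coefficients minimising ||sum_j x_j atom_j - y||, via the normal equations solved with
    Gauss-Jordan elimination; the tiny ridge guards the near-collinear same-class atoms."""
    n = len(atoms)
    M = [[sum(p * q for p, q in zip(a, b)) + (ridge if i == j else 0.0) for j, b in enumerate(atoms)]
         + [sum(p * q for p, q in zip(a, y))] for i, a in enumerate(atoms)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(n):
            if r != col:
                f = M[r][col] / M[col][col]
                M[r] = [a - f * p for a, p in zip(M[r], M[col])]
    return [M[i][n] / M[i][i] for i in range(n)]

def omp(dictionary, y, k):
    """Orthogonal matching pursuit: greedy k-sparse representation of y over unit-norm atoms."""
    support, coef, resid = [], [], list(y)
    for _ in range(k):
        j = max((j for j in range(len(dictionary)) if j not in support),
                key=lambda j: abs(sum(a * r for a, r in zip(dictionary[j], resid))))
        support.append(j)
        coef = least_squares([dictionary[j] for j in support], y)
        approx = [sum(c * dictionary[j][d] for c, j in zip(coef, support)) for d in range(len(y))]
        resid = [yi - ai for yi, ai in zip(y, approx)]
    x = [0.0] * len(dictionary)
    for c, j in zip(coef, support):
        x[j] = c
    return x

def src_classify(dictionary, labels, y, k=3):
    """Sparse-representation classification: the class whose own atoms reconstruct y best."""
    x = omp(dictionary, y, k)
    residuals = {}
    for label in dict.fromkeys(labels):
        approx = [sum(x[j] * dictionary[j][d] for j in range(len(dictionary)) if labels[j] == label)
                  for d in range(len(y))]
        residuals[label] = dist(y, approx)
    return min(residuals, key=residuals.get), residuals

def run_demo(seed=7):
    """Train on synthetic normal windows, build the attack dictionary, score one window of each kind."""
    rng = random.Random(seed)
    normal = [make_window("normal", rng) for _ in range(40)]
    ref = [sum(col) / len(col) for col in zip(*normal)]  # normal mean per object
    model = svdd_fit([scale(w, ref) for w in normal])
    classes = ("syn_flood", "udp_flood", "icmp_flood")
    labels = [cls for cls in classes for _ in range(5)]  # five labelled windows per attack class
    dictionary = [unit(scale(make_window(cls, rng), ref)) for cls in labels]
    results = {}
    for cls in ("normal",) + classes:  # one quiet normal interval, then one window per attack
        y = scale(make_window(cls, rng, 0.03 if cls == "normal" else 0.10), ref)
        results[cls] = src_classify(dictionary, labels, y)[0] if svdd_detect(model, y) else "normal"
    return results

if __name__ == "__main__":
    print(run_demo())
```

Two caveats a real deployment needs that the demo only gestures at. MIB-II Counter32 objects wrap at 2^32, so increments must be taken modulo the counter width (as `counter_delta` does), and at gigabit rates ifInOctets can wrap between polls (2^32 bytes pass in about 34 s at 1 Gbit/s); poll the 64-bit ifHCInOctets from IF-MIB (RFC 2863) instead. And the SVDD boundary is only as good as the baseline it was fitted on: training windows that already contain flooding enlarge the ball and silently raise the miss rate, so the normal set should be vetted before fitting.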
Keywords: Intrusion detection; MIB; DoS/DDoS; Support vector data description; Sparse representation