A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis
ABSTRACT:
Interconnected systems, such as Web servers,
database servers, cloud computing servers, etc., are now under threat from network
attackers. As one of the most common and aggressive means, Denial-of-Service (DoS)
attacks cause serious impact on these computing systems. In this paper, we
present a DoS attack detection system that uses Multivariate Correlation
Analysis (MCA) for accurate network traffic characterization by extracting the
geometrical correlations between network traffic features. Our MCA-based DoS
attack detection system employs the principle of anomaly-based detection in
attack recognition. This makes our solution capable of detecting known and unknown
DoS attacks effectively by learning the patterns of legitimate network traffic
only. Furthermore, a triangle-area-based technique is proposed to enhance and
to speed up the process of MCA. The effectiveness of our proposed detection
system is evaluated using the KDD Cup 99 dataset, and the influences of both
non-normalized data and normalized data on the performance of the proposed
detection system are examined. The results show that our system outperforms two
other previously developed state-of-the-art approaches in terms of detection
accuracy.
EXISTING SYSTEM:
Generally, network-based detection systems can be classified
into two main categories, namely misuse-based detection systems and
anomaly-based detection systems. Misuse-based detection systems detect attacks
by monitoring network activities and looking for matches with the existing
attack signatures. In spite of having high detection rates for known attacks and
low false positive rates, misuse-based detection systems are easily evaded by
any new attacks and even variants of the existing attacks. Furthermore, it is a
complicated and labor-intensive task to keep the signature database updated because
signature generation is a manual process and heavily involves network security
expertise.
DISADVANTAGES OF EXISTING SYSTEM:
· Most existing IDS are optimized to detect attacks with high accuracy. However, they still
have various disadvantages that have been outlined in a number of publications,
and a lot of work has been done to analyze IDS in order to direct future research.
· Among other drawbacks, one is the large number of alerts produced.
PROPOSED SYSTEM:
In this paper, we present a DoS attack detection
system that uses Multivariate Correlation Analysis (MCA) for accurate network
traffic characterization by extracting the geometrical correlations between
network traffic features. Our MCA-based DoS attack detection system employs the
principle of anomaly-based detection in attack recognition.
The DoS attack detection system presented in this
paper employs the principles of MCA and anomaly-based detection. They equip our
detection system with capabilities of accurate characterization for traffic
behaviors and detection of known and unknown attacks respectively. A triangle
area technique is developed to enhance and to speed up the process of MCA. A
statistical normalization technique is used to eliminate the bias from the raw
data.
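The pipeline described above (statistical normalization, triangle-area features, a profile learned from legitimate traffic only, then thresholding) can be sketched as follows. This is an added example, not code from the paper or the project. The triangle-area definition (|z_j|·|z_k|/2 per feature pair), the mean + alpha·std threshold, the standardized Euclidean distance and all sample values are assumptions made here for illustration.

```python
import math
import random
import statistics
from itertools import combinations

def triangle_areas(z):
    """Triangle-area features (assumed definition): for each feature pair (j, k),
    the area of the triangle (0,0), (z_j,0), (0,z_k), i.e. |z_j|*|z_k|/2."""
    return [abs(a) * abs(b) / 2 for a, b in combinations(z, 2)]

def column_stats(rows):
    """Per-column mean and population standard deviation."""
    cols = list(zip(*rows))
    means = [statistics.fmean(c) for c in cols]
    stds = [statistics.pstdev(c) or 1.0 for c in cols]  # guard constant columns
    return means, stds

def zscore(row, means, stds):
    """Statistical normalization with parameters learned from legitimate traffic."""
    return [(v - m) / s for v, m, s in zip(row, means, stds)]

def distance(record, profile):
    """Standardized Euclidean distance of a record's triangle areas from the profile."""
    areas = triangle_areas(zscore(record, *profile["raw"]))
    return math.sqrt(sum(d * d for d in zscore(areas, *profile["tam"])))

def fit_profile(legit, alpha=3.0):
    """Learn the normal profile from legitimate traffic only; alpha widens the threshold."""
    raw = column_stats(legit)
    tam = column_stats([triangle_areas(zscore(r, *raw)) for r in legit])
    profile = {"raw": raw, "tam": tam}
    dists = [distance(r, profile) for r in legit]
    profile["threshold"] = statistics.fmean(dists) + alpha * statistics.pstdev(dists)
    return profile

def is_attack(record, profile):
    """Anomaly decision: flag anything farther from the profile than the threshold."""
    return distance(record, profile) > profile["threshold"]

# Constructed sample data: [packets/s, mean bytes/packet, SYN ratio]
rng = random.Random(7)
LEGIT = [[rng.gauss(100, 10), rng.gauss(500, 50), rng.gauss(0.1, 0.02)] for _ in range(500)]
PROFILE = fit_profile(LEGIT)
TYPICAL = [100.0, 500.0, 0.1]  # constructed: ordinary traffic
FLOOD = [5000.0, 60.0, 0.95]   # constructed: SYN-flood-like record

if __name__ == "__main__":
    for name, rec in (("typical", TYPICAL), ("flood", FLOOD)):
        print(name, round(distance(rec, PROFILE), 2), is_attack(rec, PROFILE))
```

No attack sample is used during training, which is what lets an anomaly-based detector flag attack types it has never seen. Raising alpha trades missed detections for fewer false alarms.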
ADVANTAGES OF PROPOSED SYSTEM:
· Higher detection accuracy
· Fewer false alarms
· Accurate characterization for traffic behaviors and detection of known and unknown
attacks respectively
SYSTEM CONFIGURATION:-
H/W SYSTEM CONFIGURATION:-
· Processor - Pentium III
· Speed - 1.1 GHz
· RAM - 256 MB (min)
· Hard Disk - 20 GB
· Floppy Drive - 1.44 MB
· Keyboard - Standard Windows Keyboard
· Mouse - Two or Three Button Mouse
· Monitor - SVGA
S/W SYSTEM CONFIGURATION:-
· Operating System : Windows 95/98/2000/XP
· Front End : Java
· Tool : JDK 1.7
REFERENCE:
Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Senior Member, IEEE, Priyadarsi Nanda, Member, IEEE, and Ren Ping Liu, Member, IEEE, “A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis”, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. , NO. , 2013.