Detection of Low-Intensity DoS Attacks by Using a Combined Neural Network Using a DoS Attack Level Analysis Algorithm

Abstract

The growing number and complexity of attacks on access to information is one of the main problems in the field of web crime today. These intrusions form the class of denial-of-service (DoS) attacks. A DoS attack is an attack carried out in order to bring a system to failure: a huge amount of traffic is generated, due to which the server is rebooted, which in turn leads to its blocking. The most frequently attacked resources are channel bandwidth, processor time of servers and routers, and so on. A wide range of mechanisms is used to minimize the consequences of such attacks, and intrusion detection is one of them. However, when detecting low-intensity (low-rate DoS) attacks, some detection methods based on standard statistical methods show rather poor results. In this situation, neural networks act as a solution to the problem. They are used in almost all attack detection tools, both on their own and together with other protection mechanisms.
This article describes the development and experimental study of the effectiveness of a method for detecting low-intensity denial-of-service (low-rate DoS) attacks, and the implementation of the developed algorithm for analyzing the level of DoS attacks. The paper models low-intensity attacks as a simultaneous overlay of network events and abnormal traffic. The essence of the method is to identify homogeneous groups within a time series using pattern recognition models and to build a prediction model for each specific group in order to detect an attack scenario.

Author Biographies

Artem Sergeevich Turashev, Lomonosov Moscow State University

student of the Faculty of Computational Mathematics and Cybernetics

Vladimir Alexandrovich Sukhomlin, Lomonosov Moscow State University; Federal Research Center Computer Science and Control of Russian Academy of Sciences

Head of the Open Information Technologies Lab, Faculty of Computational Mathematics and Cybernetics; Leading Researcher of the Institute of Informatics Problems of the Russian Academy of Sciences, Dr. Sci. (Tech.), Professor

Published
2022-12-20
How to Cite
TURASHEV, Artem Sergeevich; SUKHOMLIN, Vladimir Alexandrovich. Detection of Low-Intensity DoS Attacks by Using a Combined Neural Network Using a DoS Attack Level Analysis Algorithm. Modern Information Technologies and IT-Education, [S.l.], v. 18, n. 4, p. 872-877, dec. 2022. ISSN 2411-1473. Available at: <http://sitito.cs.msu.ru/index.php/SITITO/article/view/923>. Date accessed: 02 aug. 2025. doi: https://doi.org/10.25559/SITITO.18.202204.872-877.
Section
Theoretical and Practical Aspects of Cybersecurity