Detection of Low-Intensity DoS Attacks by Using a Combined Neural Network Using a DoS Attack Level Analysis Algorithm
Abstract
The growing number and complexity of attacks on access to information is one of the main problems in the field of web crime today. These intrusions form the class of denial-of-service (DoS) attacks. A DoS attack is carried out in order to bring a system to failure: a huge amount of traffic is generated, due to which the server is rebooted, which in turn leads to its blocking. The most frequently attacked resources are channel bandwidth and the processor time of servers and routers, among others. A wide range of mechanisms is used to minimize the consequences of such attacks, and intrusion detection is one of them. However, when detecting low-intensity (low-rate DoS) attacks, some detection methods based on standard statistical techniques show rather poor results. In this situation, neural networks act as a solution to the problem. They are used in almost all attack detection tools, both on their own and together with other protection mechanisms.
This article describes the development and experimental study of the effectiveness of a method for detecting low-intensity denial-of-service (low-rate DoS) attacks, and the implementation of the developed algorithm for analyzing the level of DoS attacks. The paper models low-intensity attacks as a simultaneous overlay of network events and abnormal traffic. The essence of the method is to identify homogeneous groups within a time series using pattern recognition models and to build a prediction model for each group in order to detect an attack scenario.
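The following sketch is an added illustration of the group-then-predict idea described above; it is not the authors' code or their neural network. It assumes a 1-D k-means over window medians as the grouping step and a per-group mean/sigma predictor as the prediction step, runs on constructed traffic values, and compares the result with a single global statistical threshold.

```python
from statistics import mean, median, pstdev

W = 10  # samples (e.g. packets/s readings) per analysis window

def windows(series):
    return [series[i:i + W] for i in range(0, len(series) - W + 1, W)]

def nearest(cents, v):
    return min(range(len(cents)), key=lambda j: abs(v - cents[j]))

def kmeans_1d(values, k=2, iters=20):
    # Deterministic init: spread centroids evenly between min and max.
    lo, hi = min(values), max(values)
    cents = [lo + (hi - lo) * j / (k - 1) for j in range(k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for v in values:
            groups[nearest(cents, v)].append(v)
        cents = [mean(g) if g else c for g, c in zip(groups, cents)]
    return cents

def fit(train):
    """Group windows by median load, then fit (mean, sigma) per group."""
    wins = windows(train)
    cents = kmeans_1d([median(w) for w in wins])
    models = []
    for j in range(len(cents)):
        xs = [x for w in wins if nearest(cents, median(w)) == j for x in w]
        models.append((mean(xs), pstdev(xs)))
    return cents, models

def detect(series, cents, models, k_sigma=3.0):
    """Flag samples that deviate from the prediction of their window's group."""
    alerts = []
    for n, w in enumerate(windows(series)):
        mu, sd = models[nearest(cents, median(w))]
        alerts += [n * W + i for i, x in enumerate(w) if abs(x - mu) > k_sigma * sd]
    return alerts

def detect_global(series, train, k_sigma=3.0):
    """Baseline for comparison: one mean/sigma threshold over all traffic."""
    mu, sd = mean(train), pstdev(train)
    return [i for i, x in enumerate(series) if abs(x - mu) > k_sigma * sd]

def baseline(n_windows):
    # Constructed traffic: windows alternate between a quiet (100) and busy (500) regime.
    return [(100 if n % 2 == 0 else 500) + 5 * ((7 * i + n) % 5 - 2)
            for n in range(n_windows) for i in range(W)]

TRAIN = baseline(20)
ATTACKED = baseline(20)
for n in range(4, 16):          # constructed low-rate pulses: +60 on one sample per window
    ATTACKED[n * W + 3] += 60
```

On this constructed data the per-group models flag every injected pulse, while the global threshold flags none, because the spread between the two traffic regimes inflates its sigma far beyond the pulse amplitude.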

This work is licensed under a Creative Commons Attribution 4.0 International License.