EXPLOITING ARTIFICIAL IMMUNE SYSTEMS TO DETECT UNKNOWN DoS ATTACKS IN REAL-TIME
DoS is still one of the most serious attacks on the Internet. Payload-based approaches are effective against known DoS attacks but cannot be deployed on high-speed networks. To address this issue, flow-based DoS detection schemes have been proposed for high-speed networks as an effective supplement to payload-based solutions. However, existing flow-based solutions have serious limitations in detecting unknown attacks and in efficiently identifying real attack flows buried in the background traffic. In addition, existing solutions also have difficulty adapting to attack dynamics. To address these issues, this paper proposes a flow-based DoS detection scheme based on Artificial Immune Systems. We adopt a tree structure to store flow information such that we can effectively extract useful features from flow information to better detect DoS attacks. We employ Neighborhood Negative Selection (NNS) as the detection algorithm to detect unknown DoS attacks and identify attack flows from massive traffic. Because of the strong tolerance of NNS, the proposed solution is able to quickly adapt to attack dynamics. The experimental results show that this solution is able to effectively detect unknown DoS attack flows and identify attack flows from background traffic. Meanwhile, the theoretical analysis demonstrates that this system can extract flow features more effectively.
DoS attack; Intrusion detection; Artificial immune; Flow
Dawei Wang, Longtao He, Yibo Xue, Yingfei Dong
National Computer network Emergency Response technical Team/Coordination Center of China, Beijing 100 Research Inst. of Info. & Tech., Tsinghua University, Beijing 100083, China; Tsinghua National Lab for Inf Department of Electrical Engineering, University of Hawaii, Honolulu, HI 96822, USA
International conference
Hangzhou
English
848-852
2012-10-30 (date first posted online on the Wanfang platform; not the paper's publication date)