Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

Traffic flooding attack detection with SNMP MIB using SVM

Authors
Yu, JaehakLee, HansungKim, Myung-SupPark, Daihee
Issue Date
20-11월-2008
Publisher
ELSEVIER
Keywords
Intrusion detection; SNMP; MIB; DoS/DDoS; Support vector machine
Citation
COMPUTER COMMUNICATIONS, v.31, no.17, pp.4212 - 4219
Indexed
SCIE
SCOPUS
Journal Title
COMPUTER COMMUNICATIONS
Volume
31
Number
17
Start Page
4212
End Page
4219
URI
https://scholar.korea.ac.kr/handle/2021.sw.korea/122391
DOI
10.1016/j.comcom.2008.09.018
ISSN
0140-3664
Abstract
Recently, as network flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. Little or no integration exists between IDS and SNMP-based network management, in spite of the extensive monitoring and statistical information provided by SNMP agents implemented on network devices and systems. In this paper we propose a lightweight and fast detection mechanism for traffic flooding attacks. Firstly, we use SNMP MIB statistical data gathered from SNMP agents, instead of raw packet data from network links. The involved SNMP MIB variables are selected by an effective feature selection mechanism and gathered effectively by the MIB update time prediction mechanism. Secondly, we use a machine learning approach based on a Support Vector Machine (SVM) for attack classification. Using MIB and SVM, we achieved fast detection with high accuracy. the minimization of the system burden, and extendibility for system deployment. The proposed mechanism is constructed in a hierarchical structure, which first distinguishes attack traffic from normal traffic and then determines the type of attacks in detail. Using MIB datasets collected from real experiments involving a DDoS attack, we validate the possibility of our approaches. It is shown that network attacks are detected with high efficiency, and classified with low false alarms. (C) 2008 Elsevier B.V. All rights reserved.
Files in This Item
There are no files associated with this item.
Appears in
Collections
Graduate School > Department of Computer and Information Science > 1. Journal Articles
College of Science and Technology > Department of Computer Convergence Software > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher Park, Dai Hee photo

Park, Dai Hee
과학기술대학 (컴퓨터융합소프트웨어학과)
Read more

Altmetrics

Total Views & Downloads

BROWSE