Traffic flooding attack detection with SNMP MIB using SVM
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Yu, Jaehak | - |
dc.contributor.author | Lee, Hansung | - |
dc.contributor.author | Kim, Myung-Sup | - |
dc.contributor.author | Park, Daihee | - |
dc.date.accessioned | 2021-09-09T02:39:21Z | - |
dc.date.available | 2021-09-09T02:39:21Z | - |
dc.date.issued | 2008-11-20 | - |
dc.identifier.issn | 0140-3664 | - |
dc.identifier.issn | 1873-703X | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/122391 | - |
dc.description.abstract | Recently, as network flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. Little or no integration exists between IDS and SNMP-based network management, in spite of the extensive monitoring and statistical information provided by SNMP agents implemented on network devices and systems. In this paper we propose a lightweight and fast detection mechanism for traffic flooding attacks. Firstly, we use SNMP MIB statistical data gathered from SNMP agents, instead of raw packet data from network links. The involved SNMP MIB variables are selected by an effective feature selection mechanism and gathered effectively by the MIB update time prediction mechanism. Secondly, we use a machine learning approach based on a Support Vector Machine (SVM) for attack classification. Using MIB and SVM, we achieved fast detection with high accuracy, the minimization of the system burden, and extendibility for system deployment. The proposed mechanism is constructed in a hierarchical structure, which first distinguishes attack traffic from normal traffic and then determines the type of attacks in detail. Using MIB datasets collected from real experiments involving a DDoS attack, we validate the possibility of our approaches. It is shown that network attacks are detected with high efficiency, and classified with low false alarms. (C) 2008 Elsevier B.V. All rights reserved. | - |
dc.format.extent | 8 | - |
dc.language | English | - |
dc.language.iso | ENG | - |
dc.publisher | ELSEVIER | - |
dc.title | Traffic flooding attack detection with SNMP MIB using SVM | - |
dc.type | Article | - |
dc.publisher.location | Netherlands | - |
dc.identifier.doi | 10.1016/j.comcom.2008.09.018 | - |
dc.identifier.wosid | 000261362400036 | - |
dc.identifier.bibliographicCitation | COMPUTER COMMUNICATIONS, v.31, no.17, pp 4212 - 4219 | - |
dc.citation.title | COMPUTER COMMUNICATIONS | - |
dc.citation.volume | 31 | - |
dc.citation.number | 17 | - |
dc.citation.startPage | 4212 | - |
dc.citation.endPage | 4219 | - |
dc.type.docType | Article | - |
dc.description.isOpenAccess | N | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Telecommunications | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Telecommunications | - |
dc.subject.keywordPlus | INTRUSION-DETECTION | - |
dc.subject.keywordAuthor | Intrusion detection | - |
dc.subject.keywordAuthor | SNMP | - |
dc.subject.keywordAuthor | MIB | - |
dc.subject.keywordAuthor | DoS/DDoS | - |
dc.subject.keywordAuthor | Support vector machine | - |