AN IMPROVED ENSEMBLE APPROACH FOR DOS ATTACKS DETECTION

Authors

  • R. M. Alguliyev Azerbaijan National Academy of Sciences, Baku, Azerbaijan, Azerbaijan
  • R. M. Aliguliyev Azerbaijan National Academy of Sciences, Baku, Azerbaijan, Azerbaijan
  • Y. N. Imamverdiyev Azerbaijan National Academy of Sciences, Baku, Azerbaijan, Azerbaijan
  • L. V. Sukhostat Azerbaijan National Academy of Sciences, Baku, Azerbaijan, Azerbaijan

DOI:

https://doi.org/10.15588/1607-3274-2018-2-8

Keywords:

network security, network attacks, DoS, classification, ensemble of classifiers, Big data.

Abstract

Context. The task of using the ensemble of classifiers to detect DoS attacks in large arrays of network traffic data is solved to withstand
attacks on the network.
Objective of this paper is to build an ensemble of classifiers that surpasses single classifiers in terms of accuracy.
Method. To achieve the formulated goal an algorithm, that indicates the probability of belonging to certain classes, which return a
vector of classification scores for each point, is proposed. The peculiarity of the proposed approach is that for each point from the dataset,
the predicted class label corresponds to the maximum value among all scores obtained by classification methods for a given point. As
classifiers, decision trees, k-nearest neighbors algorithm, support vector machines with various kernel functions, and naпve Bayes are
considered. A comparative analysis of the proposed approach with single classifiers is considered using the following metrics: accuracy,
precision, recall, and F-measure.
Results. The experiments have been performed in R 3.4.1 on the NSL-KDD dataset of network attacks, which was divided into three
classes (DoS, normal network behavior and other types of attack).
Conclusions. The conducted experiments have confirmed the efficiency of the proposed approach. The most accurate result showed
an ensemble of five classifiers. The development of techniques for attacks detection based on an ensemble of classifiers avoids the problems inherent in most approaches since it is capable of detecting both known and new attacks with high accuracy. It can be concluded that the proposed approach for network attacks detection is of practical significance. In order to further study the attacks detection in network
traffic, studies will be performed on real Big data sets.

References

Aliguliyev R. M. Multidisciplinary problems of big data in

information security / R. M. Aliguliyev, Y. N. Imamverdiyev,

M. S. Hajirahimova // Proceedings of the II International scientific and practical conference Information Security and Computer Technologies. – 2017. – P. 10-11.

Nallaivarothayan H. An evaluation of different features and

learning models for anomalous event detection /

H. Nallaivarothayan, D. Ryan, S. Denman, S. Sridharan, C. Fookes // Proceedings of the International Conference on Digital Image Computing: Techniques and Applications. – 2013. – P. 1–8. DOI:

1109/dicta.2013.6691480

Xie M. Anomaly detection in wireless sensor networks: a survey / M. Xie, S. Han, B. Tian, S. Parvin // Journal of Network and Computer Applications. – 2011. – Vol. 34. – P. 1302–1325. DOI: 10.1016/j.jnca.2011.03.004

Davis J. J. Data preprocessing for anomaly based network intrusion detection: a review / J. J. Davis, A. J. Clark // Computers & Security. – 2011. – Vol. 30. – P. 353–375. DOI: 10.1016/j.cose.2011.05.008

Fiorea U. Network anomaly detection with the restricted

boltzmann machine / U. Fiorea, F. Palmierib, A. Castiglionec, A. D. Santis // Neurocomputing. – 2013. – Vol. 122. – P. 13–23.DOI: 10.1016/j.neucom.2012.11.050

Chandola V. Anomaly detection: a survey / V. Chandola,

A. Banerjee, V. Kumar // ACM Computing Surveys. – 2009. –

Vol. 41, № 3. – P. 1–58. DOI: 10.1145/1541880.1541882

Anceaume E. Anomaly characterization in large scale networks / E. Anceaume, Y. Busnel, E. L. Merrer, R. Ludinard, J. Marchand, B. Sericola // Proceedings of the 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. – 2014. – P. 68–79. DOI: 10.1109/dsn.2014.23

Dua S. Data mining and machine learning in cybersecurity /

S. Dua, X. Du. – Boca Raton, FL: CRC Press, 2011. – 256 p.

DOI: 10.1201/b10867 9. Catania C. A. Automatic network intrusion detection: current techniques and open issues / C. A. Catania, C. G. Garino //Computers and Electrical Engineering. – 2012. – Vol. 38, № 5. – P. 1062–1072. DOI: 10.1016/j.compeleceng.2012.05.013 10. Ahmed M. A survey of network anomaly detection techniques / M. Ahmed, A. Mahmood, J. Hu // Journal of Network and Computer Applications. – 2016. – Vol. 60. – P. 19–31. DOI: 10.1016/

j.jnca.2015.11.016

Wu S. X. The use of computational intelligence in intrusion

detection systems: a review / S. X. Wu, W. Banzhaf // Applied

Soft Computing. – 2010. – Vol. 10, № 1. – P. 1–35. DOI: 10.1016/j.asoc.2009.06.019

Chandola V. Data mining for cyber security / V. Chandola,

E. Eilertson, L. Ertoz, G. Simon, V. Kumar. – New York: Springer, 2006. – 159 p. – (Data Warehousing and Data Mining Techniques for Computer Security.). DOI: 10.1007/978-0-387-47653-7

Lee W. A framework for constructing features and models for intrusion detection systems / W. Lee, S. J. Stolfo // ACM

Transactions on Information and System Security. – 2000. –

Vol. 3, № 4. – P. 227–261. DOI: 10.1145/382912.382914

Mahoney M. V. Learning nonstationary models of normal network traffic for detecting novel attacks / M. V. Mahoney, P. K. Chan / / Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining. – 2002. – P. 376–386. DOI: 10.1145/775047.775102

Hodge V. A survey of outlier detection methodologies / V. Hodge, J. Austin // Artificial Intelligence Review. – 2004. – Vol. 22, № 2. – P. 85–126. DOI: 10.1023/b:aire.0000045502.10941.a9 16. Farid D. M. Adaptive intrusion detection based on boosting and naive bayesian classifier / D. M. Farid, M. Z. Rahman,

C. M. Rahman // International Journal of Computer Applications. – 2011. – Vol. 24, № 3. – P. 12–19. DOI: 10.5120/2932-3883

Downloads

How to Cite

Alguliyev, R. M., Aliguliyev, R. M., Imamverdiyev, Y. N., & Sukhostat, L. V. (2018). AN IMPROVED ENSEMBLE APPROACH FOR DOS ATTACKS DETECTION. Radio Electronics, Computer Science, Control, (2). https://doi.org/10.15588/1607-3274-2018-2-8

Issue

No. 2 (2018): Radio Electronics, Computer Science, Control

Section

Progressive information technologies

License

Copyright (c) 2018 R. M. Alguliyev, R. M. Aliguliyev, Y. N. Imamverdiyev, L. V. Sukhostat

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Creative Commons Licensing Notifications in the Copyright Notices

The journal allows the authors to hold the copyright without restrictions and to retain publishing rights without restrictions.

The journal allows readers to read, download, copy, distribute, print, search, or link to the full texts of its articles.

The journal allows to reuse and remixing of its content, in accordance with a Creative Commons license СС BY -SA.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License CC BY-SA that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.