Utilizing Netflow Data to Detect Slow Read Attacks

Authors: Clifford Kemp, Chad Calvert, Taghi Khoshgoftaar

DOI: 10.1109/IRI.2018.00023

Keywords:

Abstract: Attackers can leverage several techniques to compromise computer networks, ranging from sophisticated malware to DDoS (Distributed Denial of Service) attacks that target the application layer. Application layer attacks, such as Slow Read, are implemented with just enough traffic to tie up CPU or memory resources, causing web and other servers to go offline. Such attacks mimic legitimate network requests, making them difficult to detect. They also utilize less volume than traditional attacks. These low-volume attack methods often go undetected by security solutions until it is too late. In this paper, we explore the use of machine learners for detecting Slow Read attacks. Our approach uses a generated dataset based upon Netflow data collected in a live environment. The IP Flow Information Export (IPFIX) standard provides significant flexibility in feature selection. The features and the processing used to handle the growing amount of flow data have worked well in our previous work on evasion techniques. The dataset consists of real-world production network traffic. We use eight different classifiers to build detection models. This wide selection provides us with a more comprehensive analysis. Experimental results show the classifiers were quite successful in identifying Slow Read attacks without a high false alarm rate. The experiment demonstrates that the chosen features are discriminative enough to detect Slow Read attacks accurately.
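To make the flow-based approach concrete, the following is an added example (not the authors' code or dataset): it derives per-flow features from NetFlow/IPFIX-style bidirectional records, applies a hand-written Slow Read rule in place of the paper's trained classifiers, and scores detection rate and false alarm rate against labelled flows. The CSV layout, the thresholds, the web-port filter and every sample flow are constructed assumptions for illustration.

```python
"""Added example: per-flow features from NetFlow/IPFIX-style records with a
hand-written Slow Read rule, plus detection-rate / false-alarm-rate scoring.
Not the paper's code: the CSV layout, thresholds and sample flows are
constructed assumptions for illustration."""
import csv
import io
from dataclasses import dataclass

# Constructed flow export. Columns mimic a bidirectional NetFlow/IPFIX dump
# (assumed layout, not a real nfdump/IPFIX file). 'label' is ground truth
# invented for this example.
FLOW_CSV = """\
src,dst,dport,duration_s,in_pkts,in_bytes,out_pkts,out_bytes,label
10.0.0.5,192.0.2.10,80,1.2,12,1400,20,24000,benign
10.0.0.6,192.0.2.10,443,60.0,300,18000,4000,5800000,benign
10.0.0.7,192.0.2.10,80,45.0,30,3000,40,40000,benign
10.0.0.8,192.0.2.10,22,600.0,20,1600,20,1600,benign
198.51.100.9,192.0.2.10,80,120.0,500,27000,500,32000,attack
198.51.100.9,192.0.2.10,80,300.0,900,48600,900,57600,attack
10.0.0.9,192.0.2.10,443,240.0,40,2400,40,2400,benign
"""

WEB_PORTS = {80, 443}  # assumed: only web-server flows are Slow Read candidates


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    duration_s: float  # flowEndMilliseconds - flowStartMilliseconds, in seconds
    in_pkts: int       # client -> server
    in_bytes: int
    out_pkts: int      # server -> client
    out_bytes: int
    label: str         # constructed ground truth: "attack" or "benign"


def parse_flows(text: str) -> list:
    rows = csv.DictReader(io.StringIO(text))
    return [Flow(r["src"], r["dst"], int(r["dport"]), float(r["duration_s"]),
                 int(r["in_pkts"]), int(r["in_bytes"]),
                 int(r["out_pkts"]), int(r["out_bytes"]), r["label"])
            for r in rows]


def features(f: Flow) -> dict:
    """Derived features a flow collector could hand to a classifier."""
    dur = max(f.duration_s, 1e-3)
    pkts = f.in_pkts + f.out_pkts
    byts = f.in_bytes + f.out_bytes
    return {
        "duration": f.duration_s,
        "bytes_per_sec": byts / dur,
        "avg_pkt_size": byts / max(pkts, 1),
        "out_in_byte_ratio": f.out_bytes / max(f.in_bytes, 1),
    }


def is_slow_read(feat: dict, min_duration=30.0, max_bps=2000.0,
                 max_avg_pkt=120.0) -> bool:
    """Slow Read shape: a long-lived connection whose bytes trickle out in
    small segments (the client advertises a tiny receive window and drains
    the response slowly). Thresholds are assumed, not taken from the paper."""
    return (feat["duration"] >= min_duration
            and feat["bytes_per_sec"] <= max_bps
            and feat["avg_pkt_size"] <= max_avg_pkt)


def classify(f: Flow) -> bool:
    # Low-rate, long-lived non-web sessions (idle SSH, for instance) share the
    # shape but are not Slow Read targets, so scope the rule to web ports.
    return f.dport in WEB_PORTS and is_slow_read(features(f))


def evaluate(flows) -> dict:
    """Confusion counts plus the two rates the abstract cares about."""
    tp = fp = fn = tn = 0
    for f in flows:
        pred, actual = classify(f), f.label == "attack"
        if pred and actual:
            tp += 1
        elif pred and not actual:
            fp += 1
        elif not pred and actual:
            fn += 1
        else:
            tn += 1
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "detection_rate": tp / max(tp + fn, 1),
            "false_alarm_rate": fp / max(fp + tn, 1)}


SAMPLE_FLOWS = parse_flows(FLOW_CSV)

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        verdict = "ALERT" if classify(f) else "ok"
        print(f"{f.src:>14} -> :{f.dport:<4} {verdict:5} ({f.label}) {features(f)}")
    print(evaluate(SAMPLE_FLOWS))
```

The last constructed flow, a long-lived low-rate HTTPS session on port 443 with small packets, is flagged although it is benign: the threshold rule cannot separate it from a Slow Read connection, which is exactly the "mimics legitimate traffic" problem the abstract describes and the reason for training classifiers on a richer IPFIX feature set rather than relying on a few fixed cut-offs.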
