
A System for Denial-of-Service Attack Detection

Based on Multivariate Correlation Analysis


ABSTRACT:
Interconnected systems, such as Web servers, database servers, cloud
computing servers etc., are now under threats from network attackers. As one of
the most common and aggressive means, Denial-of-Service (DoS) attacks cause
serious impact on these computing systems. In this paper, we present a DoS attack
detection system that uses Multivariate Correlation Analysis (MCA) for accurate
network traffic characterization by extracting the geometrical correlations between
network traffic features. Our MCA-based DoS attack detection system employs the
principle of anomaly-based detection in attack recognition. This makes our
solution capable of detecting known and unknown DoS attacks effectively by
learning the patterns of legitimate network traffic only. Furthermore, a
triangle-area-based technique is proposed to enhance and to speed up the process of MCA.
The effectiveness of our proposed detection system is evaluated using KDD Cup
99 dataset, and the influences of both non-normalized data and normalized data on
the performance of the proposed detection system are examined. The results show
that our system outperforms two other previously developed state-of-the-art
approaches in terms of detection accuracy.
Existing System:
Interconnected systems, such as Web servers, database servers, cloud
computing servers etc., are now under threats from network attackers. As one of
the most common and aggressive means, Denial-of-Service (DoS) attacks cause
serious impact on these computing systems.
Disadvantages
1. This makes our solution capable of detecting known and unknown DoS
attacks effectively by learning the patterns of legitimate network traffic only.
Proposed System:
We present a DoS attack detection system that uses Multivariate Correlation
Analysis (MCA) for accurate network traffic characterization by extracting the
geometrical correlations between network traffic features. Our MCA-based DoS
attack detection system employs the principle of anomaly-based detection in attack
recognition. This makes our solution capable of detecting known and unknown
DoS attacks effectively by learning the patterns of legitimate network traffic only.
Furthermore, a triangle-area-based technique is proposed to enhance and to speed
up the process of MCA. The effectiveness of our proposed detection system is
evaluated using KDD Cup 99 dataset, and the influences of both non-normalized
data and normalized data on the performance of the proposed detection system are
examined. The results show that our system outperforms two other previously
developed state-of-the-art approaches in terms of detection accuracy.
Advantages:
1. The results show that our system outperforms two other previously
developed state-of-the-art approaches in terms of detection accuracy.
2. To find various attacks from the user to avoid Network Intrusion.
Implementation
Implementation is the stage of the project when the theoretical design
is turned into a working system. Thus it can be considered to be the most
critical stage in achieving a successful new system and in giving the user
confidence that the new system will work and be effective.
The implementation stage involves careful planning, investigation of the
existing system and its constraints on implementation, designing of methods to
achieve changeover and evaluation of changeover methods.
Main Modules:-
1. User Module :
In this module, users have authentication and security to access the
details presented in the ontology system. Before accessing or searching the
details, a user should have an account; otherwise they should register first.
2. Multivariate Correlation Analysis :
DoS attack traffic behaves differently from the legitimate network traffic,
and the behavior of network traffic is reflected by its statistical properties. To
describe these statistical properties well, we present a novel Multivariate Correlation
Analysis (MCA) approach in this section. This MCA approach employs triangle
area for extracting the correlative information between the features within an
observed data object.
3. Detection Mechanisms :
We present a threshold-based anomaly detector, whose normal profiles are
generated using purely legitimate network traffic records and utilized for future
comparisons with new incoming investigated traffic records. The dissimilarity
between a new incoming traffic record and the respective normal profile is
examined by the proposed detector. If the dissimilarity is greater than a
pre-determined threshold, the traffic record is flagged as an attack. Otherwise, it is
labeled as a legitimate traffic record. Clearly, normal profiles and thresholds have
direct influence on the performance of a threshold-based detector. A low quality
normal profile causes an inaccurate characterization to legitimate network traffic.
Thus, we first apply the proposed triangle-area-based MCA approach to analyze
legitimate network traffic, and the generated TAMs are then used to supply quality
features for normal profile generation.
4. Computational Complexity and Time Cost Analysis :
We conduct an analysis on the computational complexity and the time cost
of our proposed MCA-based detection system. On one hand, as discussed in,
triangle areas of all possible combinations of any two distinct features in a traffic
record need to be computed when processing our proposed MCA. The former
technique extracts the geometrical correlations hidden in individual pairs of two
distinct features within each network traffic record, and offers more accurate
characterization for network traffic behaviors. The latter technique facilitates our
system to be able to distinguish both known and unknown DoS attacks from
legitimate network traffic.
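The triangle-area MCA step and the threshold detector from modules 2 and 3, as an added example (not code from the paper or from the project described here). Assumptions: the triangle area for features j and k is |x_j|*|x_k|/2, dissimilarity is a standardised Euclidean distance to the profile mean, and the threshold is mean + alpha*std of the training distances; the feature names and records are constructed.

```python
import math
from itertools import combinations

def tam_lower(record):
    """Lower triangle of the Triangle Area Map (TAM): one area per pair of
    distinct features, m*(m-1)/2 values for m features.
    Assumed area: triangle spanned by the origin and the record's projections
    on the two feature axes, |x_j| * |x_k| / 2."""
    return [abs(record[j]) * abs(record[k]) / 2.0
            for j, k in combinations(range(len(record)), 2)]

def dissimilarity(record, profile):
    """Standardised Euclidean distance between a record's TAM and the profile mean."""
    return math.sqrt(sum(((a - m) / s) ** 2 for a, m, s in
                         zip(tam_lower(record), profile["mean"], profile["std"])))

def build_profile(legit_records, alpha=3.0):
    """Normal profile learned from legitimate traffic only."""
    tams = [tam_lower(r) for r in legit_records]
    n = len(tams)
    mean = [sum(col) / n for col in zip(*tams)]
    # 'or 1e-9' guards against a zero std when an area never varies in training.
    std = [math.sqrt(sum((v - m) ** 2 for v in col) / n) or 1e-9
           for col, m in zip(zip(*tams), mean)]
    profile = {"mean": mean, "std": std}
    dists = [dissimilarity(r, profile) for r in legit_records]
    mu = sum(dists) / n
    sigma = math.sqrt(sum((d - mu) ** 2 for d in dists) / n)
    profile["threshold"] = mu + alpha * sigma   # assumed threshold rule
    return profile

def is_attack(record, profile):
    """Flag the record when its dissimilarity exceeds the pre-determined threshold."""
    return dissimilarity(record, profile) > profile["threshold"]

# Constructed legitimate records: (duration_s, src_bytes, connections_in_last_2s)
LEGIT = [(1.0, 230, 3), (1.2, 250, 4), (0.9, 210, 2), (1.1, 240, 3),
         (1.3, 260, 4), (1.0, 220, 3), (0.8, 200, 2), (1.2, 245, 5)]
PROFILE = build_profile(LEGIT)

if __name__ == "__main__":
    # Constructed test records: one normal-looking, one flood-like.
    for rec in [(1.1, 235, 3), (0.1, 40, 480)]:
        print(rec, round(dissimilarity(rec, PROFILE), 2), is_attack(rec, PROFILE))
```

Because the profile is built from legitimate records only, the flood-like record is flagged without any attack sample having been seen in training.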
Problem Statement:
The objective of DDoS attacks is to consume resources, such as memory, CPU
processing space, or network bandwidth, in an attempt to make them unreachable
to end users by blocking network communication or denying access to services.

Configuration:
H/W System Configuration:
Processor - Pentium-III
Speed - 1.1 GHz
RAM - 256 MB (min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
S/W System Configuration:
Operating System : Windows 95/98/2000/XP
Application Server : Tomcat 5.0/6.X
Front End : HTML, Java, JSP
Scripts : JavaScript.
Server side Script : Java Server Pages.
Database : MySQL 5.0
Database Connectivity : JDBC.
