Adaptive distributed mechanism against flooding network attacks based on machine learning

Josep L. Berral, Nicolas Poggi, Javier Alonso, Ricard Gavaldà, Jordi Torres, Manish Parashar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

20 Scopus citations

Abstract

Adaptive techniques based on machine learning and data mining are gaining relevance in self-management and self-defense for networks and distributed systems. In this paper, we focus on early detection and stopping of distributed flooding attacks and network abuses. We extend the framework proposed by Zhang and Parashar (2006) to cooperatively detect and react to abnormal behaviors before the target machine collapses and network performance degrades. In this framework, nodes in an intermediate network share information about their local traffic observations, improving their global traffic perspective. In our proposal, we add to each node the ability of learning independently, therefore reacting differently according to its situation in the network and local traffic conditions. In particular, this frees the administrator from having to guess and manually set the parameters distinguishing attacks from non-attacks: now such thresholds are learned and set from experience or past data. We expect that our framework provides a faster detection and more accuracy in front of distributed flooding attacks than if static filters or single-machine adaptive mechanisms are used. We show simulations where indeed we observe a high rate of stopped attacks with minimum disturbance to the legitimate users.

Original language: English (US)
Title of host publication: Proceedings of the 1st ACM Workshop on AISec, AISec'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Pages: 43-49
Number of pages: 7
State: Published - 2008
Event: 1st ACM Workshop on AISec, AISec'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08 - Alexandria, VA, United States
Duration: Oct 27 2008 - Oct 31 2008

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Other

Other: 1st ACM Workshop on AISec, AISec'08, Co-located with the 15th ACM Computer and Communications Security Conference, CCS'08
Country/Territory: United States
City: Alexandria, VA
Period: 10/27/08 - 10/31/08

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Keywords

  • Autonomic computing
  • Cooperative
  • DDoS
  • Flooding attacks
  • Intrusion detection
  • Machine learning
