A system for denial-of-service attack detection based on multivariate correlation analysis

Tan, Z; Jamdagni, A; He, X; Nanda, P; Liu, RP

A system for denial-of-service attack detection based on multivariate correlation analysis

Tan, Z

Jamdagni, A He, X

Nanda, P

Liu, RP

Permalink

Publication Type:: Journal Article
Citation:: IEEE Transactions on Parallel and Distributed Systems, 2014, 25 (2), pp. 447 - 456
Issue Date:: 2014-02-01

Closed Access

	Filename	Description	Size
	DoS_Attack_TPDS_Thomas.pdf	Published Version	882.08 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Tan, Z https://orcid.org/0000-0001-5420-2554	en_US
dc.contributor.author	Jamdagni, A	en_US
dc.contributor.author	He, X https://orcid.org/0000-0001-8962-540X	en_US
dc.contributor.author	Nanda, P https://orcid.org/0000-0002-5748-155X	en_US
dc.contributor.author	Liu, RP https://orcid.org/0000-0001-7001-6305	en_US
dc.date.issued	2014-02-01	en_US
dc.identifier.citation	IEEE Transactions on Parallel and Distributed Systems, 2014, 25 (2), pp. 447 - 456	en_US
dc.identifier.issn	1045-9219	en_US
dc.identifier.uri	http://hdl.handle.net/10453/31987
dc.description.abstract	Interconnected systems, such as Web servers, database servers, cloud computing servers and so on, are now under threads from network attackers. As one of most common and aggressive means, denial-of-service (DoS) attacks cause serious impact on these computing systems. In this paper, we present a DoS attack detection system that uses multivariate correlation analysis (MCA) for accurate network traffic characterization by extracting the geometrical correlations between network traffic features. Our MCA-based DoS attack detection system employs the principle of anomaly based detection in attack recognition. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. Furthermore, a triangle-area-based technique is proposed to enhance and to speed up the process of MCA. The effectiveness of our proposed detection system is evaluated using KDD Cup 99 data set, and the influences of both non-normalized data and normalized data on the performance of the proposed detection system are examined. The results show that our system outperforms two other previously developed state-of-the-art approaches in terms of detection accuracy. © 1990-2012 IEEE.	en_US
dc.relation.ispartof	IEEE Transactions on Parallel and Distributed Systems	en_US
dc.relation.isbasedon	10.1109/TPDS.2013.146	en_US
dc.subject.classification	Distributed Computing	en_US
dc.title	A system for denial-of-service attack detection based on multivariate correlation analysis	en_US
dc.type	Journal Article
utslib.citation.volume	2	en_US
utslib.citation.volume	25	en_US
utslib.for	0805 Distributed Computing	en_US
utslib.for	0803 Computer Software	en_US
utslib.for	1005 Communications Technologies	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	/University of Technology Sydney/Strength - CRIN - Realtime Information Networks
pubs.organisational-group	/University of Technology Sydney/Strength - GBDTC - Global Big Data Technologies
pubs.organisational-group	/University of Technology Sydney/Strength - INEXT - Innovation in IT Services and Applications
utslib.copyright.status	closed_access
pubs.issue	2	en_US
pubs.publication-status	Published	en_US
pubs.volume	25	en_US

Abstract:

Interconnected systems, such as Web servers, database servers, cloud computing servers and so on, are now under threads from network attackers. As one of most common and aggressive means, denial-of-service (DoS) attacks cause serious impact on these computing systems. In this paper, we present a DoS attack detection system that uses multivariate correlation analysis (MCA) for accurate network traffic characterization by extracting the geometrical correlations between network traffic features. Our MCA-based DoS attack detection system employs the principle of anomaly based detection in attack recognition. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. Furthermore, a triangle-area-based technique is proposed to enhance and to speed up the process of MCA. The effectiveness of our proposed detection system is evaluated using KDD Cup 99 data set, and the influences of both non-normalized data and normalized data on the performance of the proposed detection system are examined. The results show that our system outperforms two other previously developed state-of-the-art approaches in terms of detection accuracy. © 1990-2012 IEEE.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/31987