Browse > Article
http://dx.doi.org/10.3745/KIPSTC.2008.15-C.5.351

Traffic Flooding Attack Detection on SNMP MIB Using SVM  

Yu, Jae-Hak (고려대학교 전산학과)
Park, Jun-Sang (고려대학교 컴퓨터정보학과)
Lee, Han-Sung (고려대학교 전산학과)
Kim, Myung-Sup (고려대학교 컴퓨터정보학과)
Park, Dai-Hee (고려대학교 컴퓨터정보학과)
Publication Information
The KIPS Transactions:PartC / v.15C, no.5, 2008 , pp. 351-358 More about this Journal
Abstract
Recently, as network flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems(IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network environment. In this paper we propose a lightweight and fast detection mechanism for traffic flooding attacks. Firstly, we use SNMP MIB statistical data gathered from SNMP agents, instead of raw packet data from network links. Secondly, we use a machine learning approach based on a Support Vector Machine(SVM) for attack classification. Using MIB and SVM, we achieved fast detection with high accuracy, the minimization of the system burden, and extendibility for system deployment. The proposed mechanism is constructed in a hierarchical structure, which first distinguishes attack traffic from normal traffic and then determines the type of attacks in detail. Using MIB data sets collected from real experiments involving a DDoS attack, we validate the possibility of our approaches. It is shown that network attacks are detected with high efficiency, and classified with low false alarms.
Keywords
Intrusion Detection; SNMP; MIB; DoS/DDoS; Support Vector Machine;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 이한성, 송지영, 김은영, 이철호, 박대희, “다중 클래스 SVM기반의 침입탐지 시스템,” 퍼지 및 지능시스템학회 논문지, 제 15권, 제 3 호, pp.282-288, 2005   과학기술학회마을   DOI
2 E. Duarte and Jr., A. L. Santos, “Network fault management based on SNMP agent groups”, Proc. of ICDCSW 2001, pp.51-56, 2001   DOI
3 L. P. Gaspary, R. N. Sanchez, D. W. Antunes, and E. Meneghetti, “A SNMP-based platform for distributed stateful intrusion detection in enterprise networks”, IEEE Journal on Selected Areas in Communications, Vol. 23, No. 10, pp.1973-1982, 2005   DOI   ScienceOn
4 J. B. D. Cabrera, L. Lewis, X. Qin, C. Gutierrez, W. Lee, and R. K. Mehra, “Proactive intrusion detection and SNMP-based security management: new experiments and validation”, IFIP/IEEE Eighth International Symposium on Integrated Network Management, pp.93-96, 2003
5 S. Noel, D. Wijesekera, and C. Youman, “Modern intrusion detection, data mining, and degrees of attack guilt”, in Applications of Data Mining in Computer Security, Kluwer Academic Publisher, pp.1-31, 2002
6 R. Puttini, M. Hanashiro, F. Miziara, R. Sousa, L. García-Villalba, and C. Barenco, “On the anomaly intrusion-detection in mobile adhoc network environments”, Proc. of PWC 2006, LNCS 4217, pp.182-193, 2006   DOI   ScienceOn
7 M. Shyu, S. Chen, K. Sarinnapakorn, and L. Chang, “A novel anomaly detection scheme based on principal component classifier,” Proc. of the IEEE Foundations and New Directions of Data Mining Workshop, pp.172-179, Melbourne, Florida, USA, 2003
8 D. Yoo, and C. Oh, “Traffic gathering and analysis algorithm for attack detection”, KoCon 2004 Spring Integrated Conference, Vol. 4, pp.33-43, 2004
9 박준상, 조현승, 김명섭, “SNMP MIB의 상관 관계를 이용한 트래픽 폭주 공격 탐지”, 통신 학회 추계종합학술발표회, 서울대학교, 서울, Nov. 17, pp.13-16, 2007
10 IETF RFC 1213, “Management Information Base for Network Management of TCP/Ip-Based Internets: MIB-II”, http://www.rfc-editor.org/rfc/rfc1213.txt
11 K. Ramah, H. Ayari, and F. Kamoun, “Traffic anomaly detection and characterization in the Tunisian national university network”, Proc. of Networking 2006, LNCS 3979, pp.136-147, 2006   DOI   ScienceOn
12 M. Kim, H. Kang, S. Hong, Seung-Hwa Chung, and J. W. Hong, “A flow-based method for abnormal network traffic detection”, Proc. of NOMS 2004, Seoul, Korea, Apr. 19-23, pp.559-612, 2004   DOI
13 H. Lee, J. Song, and D. Park, “Intrusion detection system based on multi-class SVM”, RSFDGrC 2005, LNAI, Vol. 3642, pp.511-519, 2005   DOI   ScienceOn
14 “Distributed Denial of Service (DDoS) Attacks/tools”, http://staff.washington.edu/dittrich/misc/ddos/
15 J. Li and C. Manikopoulos, “Early statistical anomaly intrusion detection of DOS attacks using MIB traffic parameters”, Information Assurance Workshop, IEEE, pp.53-59, 2003   DOI
16 T. Ambwani, “Multi class support vector machine implementation to intrusion detection”, Proceedings of the International Joint Conference on Neural Networks, Vol. 3, pp.2300-2305, 2003   DOI