http://dx.doi.org/10.5391/JKIIS.2003.13.4.491

A Probe Prevention Model for Detection of Denial of Service Attack on TCP Protocol  

Lee, Se-Yul (Division of Computer Engineering, Daejeon University)
Kim, Yong-Soo (Division of Computer Engineering, Daejeon University)
Publication Information
Journal of the Korean Institute of Intelligent Systems / v.13, no.4, 2003, pp. 491-498
Abstract
Advances in computer network technology enable computers to connect through an open network environment. The number of security threats to these networks has been growing, so intrusion detection and prevention technologies are required. In this paper, we propose a network-based intrusion detection model using FCM (Fuzzy Cognitive Maps) that detects intrusion through a DoS attack detection method based on packet analysis. A DoS attack appears in the form of the Probe and the Syn flooding attack, which is a typical example. The SPuF (Syn flooding Preventer using Fuzzy cognitive maps) model captures and analyzes packet information to detect Syn flooding attacks. Using the results of its FCM-based analysis, the decision module measures the degree of danger of the DoS attack and trains the response module to deal with attacks. For the performance comparison, the "KDD′99 Competition Data Set" made by MIT Lincoln Labs was used. Simulating the "KDD′99 Competition Data Set" in the SPuF model shows that the probe detection rates were over 97 percent.
Keywords
Fuzzy Cognitive Maps; Probe Detection; Syn Flooding Attack; Denial of Service;