Detection of Denial of Service Attacks against Domain Name System Using Neural Networks
Along with the explosive growth of the Internet, the demand for efficient and secure Internet Infrastructure has been increasing. For the entire chain of Internet connectivity the Domain Name System (DNS) provides name to address mapping services. Hackers exploit this fact to damage different par...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English English |
| Published: |
2009
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/7302/1/FK_2009_23a.pdf http://psasir.upm.edu.my/id/eprint/7302/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Along with the explosive growth of the Internet, the demand for efficient and secure
Internet Infrastructure has been increasing. For the entire chain of Internet
connectivity the Domain Name System (DNS) provides name to address mapping
services. Hackers exploit this fact to damage different parts of Internet. In order to
prevent this system from different types of attacks, we need to prepare a
classification of possible security threats against DNS.
This dissertation focuses on Denial of Service (DoS) attacks as the major security
issue during last years, and gives an overview of techniques used to discover and
analyze them. The process of detection and classification of DoS against DNS has been presented
in two phases in our model. The proposed system architecture consists of a statistical
pre-processor and a machine learning engine.
The first step in our work was to generate the DNS traffic in normal and attack
situations for using as the input of our intrusion detection system (IDS). With the
prior knowledge of DoS attacks against DNS, we used a network simulator to model
DNS traffic with high variability. Therefore, the difficulty of creating different
scenarios of attacks in a real environment has been decreased. The pre-processor,
processes the collected data statistically and derives the final variable values. These
parameters are the inputs of the detector engine.
In the current research for our machine learning engine, we aimed to find the
optimum machine learning algorithm to be used as an IDS. The performance of our
system was measured in terms of detection rate, accuracy, and false alarm rate. The
results indicated that the three layered back propagation neural network with a 3-7-3
structure provides a detection rate of 99.55% for direct DoS attacks and 97.82% for
amplification DoS attacks. It can give us 99% accuracy and an acceptable false alarm
rate of 0.28% comparing to other types of classifiers. |
|---|