多层前馈人工神经网络在分布式拒绝服务检测中的应用(IJCNIS-V9-N12-4)

I.J.ComputerNetworkandInformationSecurity,2017,12,29-35PublishedOnlineDecember2017inMECS()DOI:10.5815/ijcnis.2017.12.04Copyright©2017MECSI.J.ComputerNetworkandInformationSecurity,2017,12,29-35DistributedDenialofServiceDetectionusingMultiLayeredFeedForwardArtificialNeuralNetworkIsmailaIdris,ObiBlessingFabian,Shafi’iM.AbdulhamidDepartmentofCyberSecurity,FederalUniversityofTechnology,Minna,Nigeria.E-mail:ismi.idris@futminna.edu.ng,obiblessing33@gmail.com,shafii.abdulhamid@futminna.edu.ngMorufuOlalereandBabaMeshachDepartmentofCyberSecurity,FederalUniversityofTechnology,Minna,NigeriaE-mail:lerejide@futminna.edu.ng,babameshach01@futminna.edu.ngReceived:20June2017;Accepted:10August2017;Published:08December2017Abstract—OneofthedangersfacedbyvariousorganizationsandinstitutionsoperatinginthecyberspaceisDistributedDenialofService(DDoS)attacks;itiscarriedoutthroughtheinternet.Itresultantconsequencesarethatitslowdowninternetservices,makesitunavailable,andsometimedestroythesystems.Mostoftheservicesitaffectsareonlineapplicationsandprocedures,systemandnetworkperformance,emailsandothersystemresources.TheaimofthisworkistodetectandclassifyDDoSattacktrafficsandnormaltrafficsusingmultilayeredfeedforward(FFANN)techniqueasatooltodevelopmodel.Theinputparametersusedfortrainingthemodelare:servicecount,duration,protocolbit,destinationbyte,andsourcebyte,whiletheoutputparametersareDDoSattacktrafficornormaltraffic.KDD99datasetwasusedfortheexperiment.Aftertheexperimentthefollowingresultsweregotten,100%precision,100%specificityrate,100%classifiedrate,99.97%sensitivity.Thedetectionrateis99.98%,errorrateis0.0179%,andinconclusiverateis0%.TheresultsaboveshowedthattheaccuracyrateofthemodelindetectingDDoSattackishighwhencomparedwiththatoftherelatedworkswhichrecordeddetectionaccuracyas98%,sensitivity96%,specificity100%andprecision100%.IndexTerms—DDoSattacks,DDoSdetectors,ArtificialNeuralNetwork,FeedForwardArtificialNeuralNetwork.I.INTRODUCTIONDistributedDenial-of-Service(DDoS)attackisaserioussituationfacingtheworldatlarge.Thisisperpetuatedwhenlargeamountofinternetpacketsaresentfromnumeroussystemsthathavebeeninfected(usuallycalledsalves/zombies)toavictim’snetwork,consumingitresources(bandwidth),slowingdownnetworkandperformanceofthesystem,causingservicestobeunavailableandmosttimesdestroysthesystem.Theseactivitiesmakeitdifficultforlegitimateuserstousethetargetedsystem.DDoSattackisoneoftheattacksthatcausemenacetothestabilityoftheInternet,affectingserviceslikeonlineapplicationsandprocedures,systemandnetworkperformance,emailsandothersystemresources.Fig.1.ShowsexampleofaDDoSattack,itexplainshowtheattackiscarriedout.Fig.1.AnExampleofDDoSAttackManyresearchershaveworkedonDDoSattacksusingdifferenttechniques,algorithmanddatasetstogivesolutiontotheproblem.TherearemanyreasonswhysomepeopleengageinDDoSattackstheseincludes;financialbenefit,politicaltussleandfunforhackersasthecasemaybe.TheaimofthispaperistodetectDDoSattacksusingmultilayeredfeedforwardFFANNtechniqueanditsmaincontributionsaretoenhancedthemulti-layerFeed-EorwardANN(FFANN)modeltodetectDDoSattacksandevaluatetheperformanceofthedevelopedmodel.Theremainingsectionsofthepaperareorganizedasfollows:sectionIIpresentsrelatedliteraturesinDDoSandANNclassification.SectionIIIdetailstheconceptofANNoptimizationasutilizedinthemethodology.SectionIVchroniclestheresultsobtainedinthe30DistributedDenialofServiceDetectionusingMultiLayeredFeedForwardArtificialNeuralNetworkCopyright©2017MECSI.J.ComputerNetworkandInformationSecurity,2017,12,29-35experimentalsimulationandsectionVdescribesthesummary,conclusionandfuturerecommendations.II.RELATEDWORKSManyresearchworkshasbeendoneonDDoSattacksandintheseworksseveralalgorithms,modelsandtechniquesareproposedandusedtheresearcherstodetecttheattacksinsimulatedorrealtimeenvironment.In[1]ANNwasusedtodetectDDoSattackstheresultobtainedwascomparedwithanotherresultgottenfromBayesian,entropyanddecisiontree.Theresearcherswereabletodetectusers'requests,howusersaccessresources,andthewaytheycommunicatewithdata.Thesamplesoftheirobservationweresentintothedetectionmechanismtotestforabnormalitiesintheirrequest.Thewritersin[2]usedatechniqueinneuralnetworkcalledLearningVectorQuantization(LVQ)toidentifyattacks.LVQmodelwasablerecognizedpattern,compressdataandclassifydatawithmultipleclasses.Thedatasetswithqualitativevariableswasusedfortheexperiment,sinceallthevariablearenotnumericalinnature,itwasnormalizedsothattheneuralnetworkcanlearnit.[3]formulatedmodelforProbabilisticNeuralNetworkBasedAttackTrafficClassificationwhichdetectedarangeofDDoSattacksandflashevents.TheirworkcenteredonclassifyingDistributedDenialofServiceattacksandFlashEventsusingRadialBasisFunctionNeuralNetwork(RBFNN),BayesinferencesandBayesdecisionruleastheirtoolforclassification.ItworkedwellbecauseitwasabletoclassifyandmakeadistinctionbetweenDDoSattacktrafficandnormaltraffic.[4]usedentropyvariationandneuralnetworktodiscovertherelationshipsthatexistbetweencompromisedsystemsinthenetworkandtoidentifythetotalnumberofcomp