Analysis and detection of traffic from DoS attack tools using Data mining
Date
2019-10
Publisher
KNUST
Abstract
There has been a significant increase in the use of the internet over the past 20 years. As of
June 2019, it was estimated that the number of internet users worldwide was over 4.4 billion,
corresponding to about 57% of the world’s population. The increase in the use of and
dependence on the internet has left in its trail a wide variety of vulnerabilities to defend
against. One of the key security concepts that helps to guide cybersecurity policies is
availability. In a computer network, a denial of service prevents users from having access to
resources or services over the network. Denial of service (DoS) attacks are attacks intended
to disrupt the availability of a network infrastructure. In past years, a DoS attack required a lot of
skill and knowledge in networking for an attack to be launched. However, in recent years, DoS
attack tools have been developed by various individuals and groups of people and are readily
available on the internet for free or for a small amount of money. Such tools can be used by
even the least skilled or knowledgeable attacker. This research therefore sought to develop a
defence mechanism against these easy-to-use tools. Attack traffic was captured from some DoS
tools and compared with benign traffic. Based on the differences between the attack traffic and
benign traffic captured, a signature-based detection algorithm based on a support vector machine
(SVM) classifier was proposed. The algorithm was tested using the Snort IDS tool and the
results were compared with some existing DoS defence schemes. Test results from the
algorithm showed the proposed defence mechanism had a high detection accuracy, low false
positive rate and fast detection time.
Description
A thesis submitted to the department of computer engineering in partial fulfillment of the requirement for the degree of MASTER OF PHILOSOPHY in computer engineering