Prediction of DoS attack sequences

A. Reshamwala, S. Mahajan
Published in: 2012 International Conference on Communication, Information & Computing Technology (ICCICT). Publication date: 2012-12-31. DOI: 10.1109/ICCICT.2012.6398148 (https://doi.org/10.1109/ICCICT.2012.6398148)
Citations: 7

Abstract

A denial of service (DoS) attack is any type of attack on a networking structure to disable a server from servicing its clients. Attacks range from sending millions of requests to a server in an attempt to slow it down, to flooding a server with large packets of invalid data, to sending requests with an invalid or spoofed IP address. Sequential pattern mining is an important data mining problem with broad applications; its goal is to discover the frequent sequential patterns in a sequential event dataset. Intrusion detection using sequential pattern mining is a research topic in the field of information security. In this paper, we have implemented Apriori, a candidate generation algorithm, and PrefixSpan, a pattern growth algorithm, on a network intrusion dataset from KDD Cup 1999 (10 percent of the training dataset), the annual Data Mining and Knowledge Discovery competition organized by the ACM Special Interest Group on Knowledge Discovery and Data Mining, the leading professional organization of data miners. To address the absence of timestamps in the dataset, we considered two approaches to generate the sequence database from the dataset: one takes service as the reference attribute, and the other takes a timestamp window of size one day (86400 seconds). We found that the experimental results of PrefixSpan for predicting DoS attack sequences on the KDD Cup 99 training dataset are efficient. These results are then compared with the SPAM (Sequential Pattern Mining) algorithm, which uses a vertical bitmap data layout allowing for simple, efficient counting.