Intelligent Anomaly Detection Techniques for Denial of Service Attacks

To construct and evaluate intrusion detection, system researchers are limited to only a few available public datasets unless they prepare their own. Although the most prevalent KDDCUP’99 dataset provides a comparative analysis among researchers, the community needs a new dataset which reflects new attack types in current high-speed networks. The aim of this study is to prepare a new alternative dataset for the community for detection of denial of service attacks and to conduct performance analysis of different data mining methods on this dataset. To develop the dataset, distributed DoS attacks have been generated that target a commercial website in a real network environment, which has a million of users from all over the world. In addition to this, a richer attack dataset has been produced in a laboratory environment with the help of Labris Networks. After capturing data, significant network features have been identified and processed and labeled with related attack types. Furthermore, the performances of different data mining techniques have been evaluated, including binary classification, multi-class classification, outlier detection, feature selection methods and hybrid approaches with our dataset by using the following algorithms: K-Means clustering, Naïve Bayes, Decision Tree, Multilayer Perceptron, LibSVM, Random Forest and Random Tree.