Authors Y.V. Tarasov
Month, Year 08, 2014 @en
Index UDC 004.056
Abstract The article presents the development of the method of detection of network attacks such as "denial of service" for various services of storage, processing and transmission of data over the Internet. Emphasis is placed on the detection of low-rate DoS-attacks. Refuted the view that the special tools for intrusion detection, "denial of service" are not required, since the fact of DoS- attacks can not be ignored. It is shown that for an effective response is necessary to know the type, nature, and other indicators of the attack, "denial of service", and the detection system of distributed attacks allow to quickly get the information. Furthermore, the use of such intrusion detection systems can significantly reduce the time of determining the attack – 2–3 days to a few tens of minutes, which reduces costs and downtime traffic attacked resource. As a detection module a hybrid neural network based on Kohonen network and multilayer perceptron is used. The operation of the intrusion detection system prototype, the method of formation of the training sample, all experiments and the topology of the experimental stand are presented. Experimental results of a prototype, in which the type I and type II errors were respectively 1 and 1.5 %, also presented.

Download PDF

Keywords Attack detection; low-rate DDoS-attacks; hybrid neural network; security of computer networks.
References 1. Reshenie Cisco Systems «Clean Pipes» po zashchite ot raspredelennykh DDOS-atak dlya opera-torov svyazi i ikh klientov [Cisco Systems "Clean Pipes" for protection against distributed DDOS attacks for Opera-tors of communication and their clients]. Available at: web/RU/downloads/CleanPipes_rus.pdf. (Accessed 01 September 2014).
2. Lobanov V.E., Onykiy B.N., Stankevichus A.A. Arkhitektura sistemy zashchity Grid ot atak tipa «otkaz v obsluzhivanii» i «raspredelennyy otkaz v obsluzhivanii» [The system architecture protect the Grid from attacks such as denial of service and distributed denial of service"], Bezopasnost' informatsionnykh tekhnologiy [Information Technology Security], 2010, No. 3, pp. 136-139.
3. Otchet «Laboratorii Kasperskogo» o DDoS-atakakh za pervoe polugode 2013 goda [The report "Kaspersky Lab" about DDoS attacks for the first six months of 2013]. Available at: (Accessed 01 September 2014).
4. Chee W.O. Brennan T. OWASP AppSec DC 2010. HTTP POST DDoS. Available at: Layer_7_DDOS.pdf (Accessed 01 August 2014).
5. Aleksandar Kuzmanovic, Edward W. Knightly: Low-rate TCP-targeted denial of service attacks and counter strategies, IEEE/ACM Trans. Netw, 2006, No. 14 (4), pp. 683-696.
6. Paxson V., Allman M., Chu H.K. and M. Sargent. Computing TCP's Retransmission Timer, RFC 6298, Proposed Standard, June 2011.
7. Sayt «RFC 2.0 – Russkie Perevody RFC» [The website "RFC 2.0 - Russian Translations RFC"]. Available at: - svobodnyy (Accessed 01 September 2014).
8. Abramov E.S., Anikeev M.V., Makarevich O.B. Ispol'zovanie apparata neyrosetey pri obnaruzhenii setevykh atak [The use of the apparatus of neural networks in the detection of network attacks], Izvestiya TRTU [Izvestiya TSURE], 2004, No. 1 (36), pp. 130.
9. Abramov E.S., Anikeev M.V., Makarevich O.B. Podgotovka dannykh dlya ispol'zovaniya v obuchenii i testirovanii neyrosetey pri obnaruzhenii setevykh atak [Preparing data for use in training and testing of neural networks in the detection of network attacks], Izvestiya TRTU [Izvestiya TSURE], 2003, No. 4 (33), pp. 204-206.
10. James Cannady. The Application of Artificial Neural Networks to Misuse Detection. 2001. 11. Abramov E.S., Sidorov I.D. Metod obnaruzheniya raspredelennykh informatsionnykh vozdeystviy na osnove gibridnoy neyronnoy seti [iscovery of distributed information impacts based on hybrid neural network], Izvestiya YuFU. Tekhnicheskie nauki [Izvestiya SFedU. Engineering Sciences], 2009, No. 11 (100), pp. 154-164.

Comments are closed.