Abstract

Distributed denial-of-service (DDoS) attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS), for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.

Highlights

  • Distributed denial-of-service (DDoS) attacks stand as a crucial threat to Internet services

  • In order to test the performance of our proposed system, the hybrid intrusion detection system (H-IDS) is applied to the DARPA 2000 dataset and a dataset acquired from a commercial bank in Turkey

  • The performance indicators are chosen as true positive rate (TPR) and false positive rate (FPR), which are calculated by where NTD and NFD are the numbers of true detection instances and false detection instances, respectively


Summary

Introduction

Distributed denial-of-service (DDoS) attacks stand as a crucial threat to Internet services. The attacker usually performs a sweep to determine which devices are eligible for use as zombies, for example, a device with an open port. In this paper we propose a novel framework, named hybrid intrusion detection system (H-IDS), to detect DDoS attacks. To achieve more accurate detection, this system uses both anomaly-based and signature-based detection techniques. The proposed H-IDS enhanced the overall performance of DDoS attack detection and shortened the detection delay by using two detectors separately but in an integrated fashion. To evaluate the detection performance of the proposed hybrid detector, we utilize the widely used DARPA 2000 dataset and a dataset provided by a commercial bank in Turkey during a penetration test.
