Traffic flooding attack detection with SNMP MIB using SVM

Computer Communications - Volume 31, Issue 17 - Pages 4212-4219 - 2008
Jaehak Yu1, Hansung Lee1, Myung‐Sup Kim1, Daihee Park1
1Department of Computer and Information Science, Korea University, Yeongi-Gun, Republic of Korea

Abstract

Keywords

