Adaptive clustering with feature ranking for DDoS attacks detection
- Authors: Zi, Lifang; Yearwood, John; Wu, Xin
- Date: 2010
- Type: Text, Conference proceedings
- Description: Distributed Denial of Service (DDoS) attacks pose an increasing threat to the current internet. The detection of such attacks plays an important role in maintaining the security of networks. In this paper, we propose a novel adaptive clustering method combined with feature ranking for DDoS attacks detection. First, based on the analysis of network traffic, preliminary variables are selected. Second, the Modified Global K-means algorithm (MGKM) is used as the basic incremental clustering algorithm to identify the cluster structure of the target data. Third, the linear correlation coefficient is used for feature ranking. Lastly, the feature ranking result is used to inform and recalculate the clusters. This adaptive process can make worthwhile adjustments to the working feature vector according to different patterns of DDoS attacks, and can improve the quality of the clusters and the effectiveness of the clustering algorithm. The experimental results demonstrate that our method is effective and adaptive in detecting the separate phases of DDoS attacks. © 2010 IEEE.
Analysis of firewall log-based detection scenarios for evidence in digital forensics
- Authors: Mukhtar, Rubiu; Al-Nemrat, Ameer; Alazab, Mamoun; Venkatraman, Sitalakshmi; Jahankhani, Hamid
- Date: 2012
- Type: Text, Journal article
- Relation: International Journal of Electronic Security and Digital Forensics, Vol. 4, no. 4 (2012), p. 261-279
- Full Text: false
- Description: With the recent escalating rise in cybercrime, firewall logs have attracted much research focus in assessing their capability to serve as excellent evidence in digital forensics. Even though the main aim of firewalls is to screen or filter part or all of the network traffic, firewall logs can provide rich traffic information that could be used as evidence to prove or disprove the occurrence of online attack events for legal purposes. Since courts define what may be presented to them as evidence, this research investigates the determinants for the acceptability of firewall logs as suitable evidence. Two commonly used determinants are tested using three different firewall-protected network scenarios. These determinants are: (1) admissibility, which requires the evidence to satisfy certain legal requirements stipulated by the courts; and (2) weight, which represents the sufficiency and extent to which the evidence establishes that a cybercrime attack occurred. Copyright © 2012 Inderscience Enterprises Ltd.
Hybrid in-network query processing framework for wireless sensor networks
- Authors: Pervin, Shaila; Kamruzzaman, Joarder; Karmakar, Gour; Azad, Arman
- Date: 2011
- Type: Text, Conference paper
- Relation: 2011 IEEE International Conference on Communications, ICC 2011; Kyoto, Japan; 5th-9th June 2011, p. 1-6
- Full Text: false
- Description: Existing in-network query processing techniques are categorized as approximation-based and aggregation-based approaches, where the former achieves lower network traffic at the expense of query response accuracy, whereas the latter reduces query response inaccuracy by executing queries at the actual sensor nodes, which necessitates the overhead of a query-specific sensor selection mechanism. In this paper, we propose a hybrid query processing framework that combines the advantages of both the approximation-based and aggregation-based techniques and avoids their limitations. In our approach, we construct a hierarchical probabilistic data model representing the overall sensor data characteristics across the network; this model is query independent and is later used for selecting sensor nodes to process user queries. Experimental results illustrate the efficacy of the proposed framework compared to contemporary approximation-based and aggregation-based query processing techniques.