A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis | FTJ1450

A System for Denial-of-Service Attack Detection Based on

Multivariate Correlation Analysis : IEEE2014

Interconnected systems, such as Web servers, database servers, cloud computing servers and so on, are now under threads from network attackers. As one of most common and aggressive means, denial-of-service (DoS) attacks cause serious impact on these computing systems. In this paper, we present a DoS attack detection system that uses multivariate correlation analysis (MCA) for accurate network traffic characterization by extracting the geometrical correlations between network traffic features. Our MCA-based DoS attack detection system employs the principle of anomaly based detection in attack recognition. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. Furthermore, a triangle-area-based technique is proposed to enhance and to speed up the process of MCA. The effectiveness of our proposed detection system is evaluated using KDD Cup 99 data set, and the influences of both non-normalized data and normalized data on the performance of the proposed detection system are examined. The results show that our system outperforms two other previously developed state-of-the-art approaches in terms of detection accuracy.

Denial-of-service (DoS) attacks are one type of aggres­sive and menacing intrusive behavior to online servers. DoS attacks severely degrade the availability of a victim, which can be a host, a router, or an entire network. They impose intensive computation tasks to the victim by exploiting its system vulnerability or flooding it with huge amount of useless packets. The victim can be forced out of service from a few minutes to even several days. This causes serious damages to the services running on the victim. Therefore, effective detection of DoS attacks is essential to the protection of online services. Work on DoS attack detection mainly focuses on the development of network-based detection mechanisms. Detection systems based on these mechanisms monitor traffic transmitting over the protected networks.

Architecture Diagram: 


This paper has presented an MCA-based DoS attack detection system which is powered by the triangle-area- based MCA technique and the anomaly-based detection technique. The former technique extracts the geometrical correlations hidden in individual pairs of two distinct features within each network traffic record, and offers more accurate characterization for network traffic behaviors. The latter technique facilitates our system to be able to distinguish both known and unknown DoS attacks from legitimate network traffic.

System Specification :


Processor                 : intel Pentium IV

Ram                          : 512 MB

Hard Disk              : 80 GB HDD



Operating System         : windows XP / Windows 7

FrontEnd                        : Java

BackEnd                          : MySQL 5


  1. Paxson, “Bro: A System for Detecting Network Intruders in Real-Time,” Computer Networks, vol. 31, pp. 2435-2463, 1999.
  2. Garca-Teodoro, J. Daz-Verdejo, G. Maci-Fernndez, and E. Vzquez, “Anomaly- Based Network Intrusion Detection: Techni­ques, Systems and Challenges,” Computers and Security, vol. 28, pp. 18-28, 2009.
  3. E. Denning, “An Intrusion-Detection Model,” IEEE Trans. Software Eng., vol. TSE-13, no. 2, pp. 222-232, Feb. 1987.
  4. Lee, J. Kim, K.H. Kwon, Y. Han, and S. Kim, “DDoS Attack Detection Method Using Cluster Analysis,” Expert Systems with Applications, vol. 34, no. 3, pp. 1659-1665, 2008.
  5. Tajbakhsh, M. Rahmati, and A. Mirzaei, “Intrusion Detection Using Fuzzy Association Rules,” Applied Soft Computing, vol. 9, no. 2, pp. 462-469, 2009.
  6. Yu, H. Lee, M.-S. Kim, and D. Park, “Traffic Flooding Attack Detection with SNMP MIB Using SVM,” Computer Comm., vol. 31, no. 17, pp. 4212-4219, 2008.
  7. Hu, W. Hu, and S. Maybank, “AdaBoost-Based Algorithm for Network Intrusion Detection,” IEEE Trans. Systems, Man, and Cybernetics Part B, vol. 38, no. 2, pp. 577-583, Apr. 2008.
  8. Yu, H. Kai, and K. Wei-Shinn, “Collaborative Detection of DDoS Attacks over Multiple Network Domains,” IEEE Trans. Parallel and Distributed Systems, vol. 18,no. 12, pp. 1649-1662, Dec. 2007.
  9. Thatte, U. Mitra, and J. Heidemann, “Parametric Methods for Anomaly Detection in Aggregate Traffic,” IEEE/ACM Trans. Networking, vol. 19, no. 2, pp. 512-525,Apr. 2011.
  10. T. Sarasamma, Q.A. Zhu, and J. Huff, “Hierarchical Kohonenen Net for Anomaly Detection in Network Security,” IEEE Trans. Systems, Man, and Cybernetics, Part B:Cybernetics, vol. 35, no. 2, pp. 302-312, Apr. 2005.

Download Link :

A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis

A System for Denial-of-Service Attack Detection Based on