Attack based DoS attack detection using multiple classifier
This work addresses DoS attack detection for network security, but it is incremental as it applies existing classification methods to a specific dataset.
The paper tackled the problem of detecting Denial of Service (DoS) flooding attacks using machine learning classification algorithms on an SNMP-MIB dataset from a real testbed, finding that most DoS attacks can be detected with high accuracy, with Slowloris having the highest detection rate and TCP-SYN the lowest.
One of the most common internet attacks causing significant economic losses in recent years is the Denial of Service (DoS) flooding attack. As a countermeasure, intrusion detection systems equipped with machine learning classification algorithms were developed to detect anomalies in network traffic. These classification algorithms had varying degrees of success, depending on the type of DoS attack used. In this paper, we use an SNMP-MIB dataset from real testbed to explore the most prominent DoS attacks and the chances of their detection based on the classification algorithm used. The results show that most DOS attacks used nowadays can be detected with high accuracy using machine learning classification techniques based on features provided by SNMP-MIB. We also conclude that of all the attacks we studied, the Slowloris attack had the highest detection rate, on the other hand TCP-SYN had the lowest detection rate throughout all classification techniques, despite being one of the most used DoS attacks.