Home Journals AMA_D Optimisation of Hidden Markov Model for Distributed Denial of Service Attack Prediction Using Variational Bayesian

JOURNAL METRICS

CiteScore 2018: N/A ℹCiteScore:

CiteScore is the number of citations received by a journal in one year to documents published in the three previous years, divided by the number of documents indexed in Scopus published in those same three years.

SCImago Journal Rank (SJR) 2018: N/A ℹSCImago Journal Rank (SJR):

The SJR is a size-independent prestige indicator that ranks journals by their 'average prestige per article'. It is based on the idea that 'all citations are not created equal'. SJR is a measure of scientific influence of journals that accounts for both the number of citations received by a journal and the importance or prestige of the journals where such citations come from It measures the scientific influence of the average article in a journal, it expresses how central to the global scientific discussion an average article of the journal is.

Source Normalized Impact per Paper (SNIP): N/A ℹSource Normalized Impact per Paper(SNIP):

SNIP measures a source’s contextual citation impact by weighting citations based on the total number of citations in a subject field. It helps you make a direct comparison of sources in different subject fields. SNIP takes into account characteristics of the source's subject field, which is the set of documents citing that source.

123.png

Optimisation of Hidden Markov Model for Distributed Denial of Service Attack Prediction Using Variational Bayesian

A.A. Afolorunso^*| O. Abass

Department of Computer Science, Faculty of Science, National Open University of Nigeria,Nigeria, 91, Cadastral Zone, Jabi, Abuja,

Department of Computer Sciences, Faculty of Science, University of Lagos,Nigeria, Akoka-Lagos

Corresponding Author Email:

aafolorunsho@noun.edu.ng, oabass@unilag.edu.ng

Received:

March 2017

| |

Accepted:

15 November 2017

| | Citation

22.01_04.pdf

OPEN ACCESS

Abstract:

Distributed Denial of Service (DDoS), is a coordinated attack majorly carried out on a massive scale against the availability of services/resources of a target system. Several DDoS attack detection, prevention or prediction techniques have been proposed. Some of these techniques have shortcomings such as high false positive rate, high computational time, low prediction precision and so on. This paper presents a novel machine learning technique based on variational Bayesian algorithms to obtain an Hidden Markov Model (HMM) with optimised number of model states and parameters for DDoS attack prediction. This method not only overcomes the slow convergence speed of the HMM approach, but it also avoids the problem of overfitting the model structure by removing excess transition and emission processes. Experiments with the DARPA 2000 intrusion datasets shows this method is able to find the optimal topology in every case and achieves better average precision rate compared to classic HMM.

Keywords:

DDoS, Variational Bayesian, Hidden Markov model, network attacks

1. Introduction

2. Related Research

3. Research Methodology

4.Results and Discussion

5. Conclusion

References

[1] A. A. Afolorunso, A. P. Adewole, O. Abass, H. O. D. Longe, "Kullback-Liebler divergence for reducing the observable states space of hidden Markov model for predicting distributed denial of service attack". 11th Unilag Conference and Fair, 2016, Lagos, Nigeria, Proc. pp. 184-193, 2016.

[2] B. Agarwal and N. Mittal, "Hybrid approach for detection of anomaly network traffic using data mining techniques", 2nd International Conference on Communication, Computing & Security [ICCCS-2012], Procedia Technology, Vol. 6, pp. 996-1003, 2012

[3] E. B. Ahani, O. Abass and R. A. Kasumu, "Sequential Monte Carlo and expectation maximization algorithm for estimating parameters of a hidden Markov model", AMSE Journals, Series Advances D, Vol. 16, No. 1, pp 1-21, 2011

[4] J. C. Badajena and C. Rout, "Incorporating hidden Markov model into anomaly detection technique for network intrusion detection", International Journal of Computer Applications, vol. 53, No. 11, pp. 42-47, 2012

[5] M. Beal, "Variational algorithms for approximate bayesian inference. Ph.D. thesis, The Gatsby Computational Neuroscience Unit, University College, London, 2003

[6] P. Berezinski, B. Jasiul and M. Szpyrka, An entropy-based network anomaly detection method, Entropy 2015, vol. 17, 2367-2408, 2015

[7] H. Bunke and T. Caelli, Hidden Markov models: Applications in computer vision, 2001; World Scientific Pub Co Inc, Exeter. United Kingdom,

[8] X. Cheng and Y. Ni, "the research on dynamic risk assessment based on hidden Markov models", 2012 International Conference on Computer Science & Service System (CSSS), Nanjing, China, August 2012, Proc. pp. 1106-1109, 2012.

[9] R. Clausius and T. Hirst, The Mechanical Theory of Heat: With its applications to the steam-engine and to the physical properties of bodies, 1867; J. van Voorst: London, UK, 1867.

[10] F. Cuppens, “Managing alerts in a multi-intrusion detection environment", 17th Annual Computer Security Applications Conference, ACSAC '01, Washington, DC, USA, December, 2001, Proc. pp 22-31, 2001

[11] T. Divya and K. Muniasamy, "Real-time intrusion prediction using hidden Markov model with genetic algorithm",. In: Suresh L., Dash S., Panigrahi B. (Eds.) Artificial Intelligence and Evolutionary Algorithms in Engineering Systems. Advances in Intelligent Systems and Computing, Vol. 324. Springer, New Delhi, India, 2015.

[12] P. Dorogovs, A. Borisov and A. Romanovs, "Building an Intrusion Detection System for IT Security Based on Data Mining Techniques", Scientific Journal of Riga Technical University, Computer Science, Information Technology and Management Science, vol. 45, No. 1, pp. 43-48, 2011

[13] J. J. Flores, A. Antolino and J. M. Garcia, "Evolving hidden Markov models for network anomaly detection", 10.1109/ICNS.2010.44. Sixth International Conference on Networking and Services (ICNS) 2010, Cancun, Mexico, Mexico, March 2010, Proc. pp. 1-9, 2010.

[14] K. Haslum, M. E. G. Moe and S. J. Knapskog, "Realtime intrusion prevention and security analysis of networks using HMMs”, 33rd IEEE Conference on Local Computer Networks, LCN 2008, Montreal, Que, Canada, October 2008, Proc. pp. 927-934, 2008

[15] O. C. Ibe, Markov Processes for Stochastic Modelling, 2013, Elsevier Academic Press, California, USA.

[16] F. Jemili, M. Zaghdoud and M. B. Ahmed, "Hybrid intrusion detection and prediction multiagent system", HIDPAS, (IJCSIS) International Journal of Computer Science and Information Security, vol. 5, No.1, pp. 62-71, 2009.

[17] M. Khosronejad, E. Sharififar, H. A. Torshizi and M. Jalali, "Developing a hybrid method of hidden Markov models and C5.0 as a intrusion detection system", International Journal of Database Theory and Application, vol. 6, No. 5, pp. 165-174, 2013.

[18] K. Lee, J. Kim, K. H. Kwon, Y. Han and S. Kim, "DDoS attack detection method using cluster analysis", Expert Systems with Applications, vol. 34, No. 3, pp. 1659–1665, 2008

[19] J. B. MacQueen, "Some Methods for classification and Analysis of Multivariate Observations", Proceedings of 5th Berkeley Symposium on Mathematical Statistics and Probability", Berkeley, University of California Press, vol. 1, 281-297, 1967

[20] MIT Lincoln Lab (2000). DARPA intrusion detection scenario specific datasets. http://www.ll.mit.edu/IST/ideval/data/2000/2000_data_index.html, access date January 2015.

[21] MIT Lincoln Lab (1999). DARPA intrusion detection scenario specific datasets. Available at http://www.ll.mit.edu/IST/ideval/data/1999/1999_data_index.html, access date January 2015.

[22] E. B. Nkemnole, O. Abass and R. K. Kasumu, "Parameter estimation of a class of hidden Markov model with diagnostics", Journal of Modern Applied Statistical Methods, vol. 12, No. 1, pp. 181 - 197, 2013.

[23] P. R. M. Rao, K.V. Reddy and S. V. Hemanth, "Minimizing application layer DDoS attacks using website customization", International Journal of Computer Science and Technology, vol. 3, No. 4, pp. 838-841, 2012.

[24] L. Saganowski, M. Goncerzewicz and T. Andrysiak, "Anomaly detection preprocessor for SNORT IDS system", In: Choraś R. (Eds) Image Processing and Communications Challenges 4. Advances in Intelligent Systems and Computing, vol 184. 2013, Springer, Berlin, Heidelberg, pp. 225-232, 2013. [25] K. Satpute, S. Agrawal, J. Agrawal and S. Sharma, "A survey on anomaly detection in network intrusion detection system using particle swarm optimization based machine learning techniques In: Satapathy S., Udgata S., Biswal B. (Eds.) Proceedings of the International Conference on Frontiers of Intelligent Computing: Theory and Applications (FICTA). Advances in Intelligent Systems and Computing, 2013, Springer, Berlin, Heidelberg, vol. 199, pp. 441-452, 2013.

[26] S. Sendi, M. Dagenais, M. Jabbarifar and M. Couture, "Real time intrusion prediction based on optimized alerts with hidden Markov model", Journal of Networks, vol. 7, No. 2, pp. 311-321, 2012.

[27] J. L. Seng and T. C. Chen, "An analytic approach to select data mining for business decision", Expert Systems with Applications, vol. 37, No. 12, pp. 8042-8057, 2010.

[28] C. E. Shannon, "A mathematical theory of communication", The Bell System Technical Journal, vol. 27, pp. 379–423, 1948.

[29] S. Sharma and R. K. Gupta, "Intrusion detection system: A review", International Journal of Security and Its Applications, vol. 9, No. 5, pp. 69-76, 2015

[30] S. Shin, S. Lee, H. Kim and S. Kim, "Advanced probabilistic approach for network intrusion forecasting and detection", Expert Systems with Applications, vol. 40, No. 1, pp. 315-322, 2013.

[31] Sodiya, A. S., Longe, H. O. D. and Akinwale, A. T. (2004), "A new two-tiered strategy to intrusion detection", Information Management and Computer security, vol. 12, No. 1, pp. 27-44, 2004.

[32] U. S. K. P. M. Thanthrige, J. Samarabandu and X. Wang, Intrusion alert prediction using a hidden Markov model, https://arxiv.org/pdf/1610.07276, access date January 2017.

[33] C.Warrender, S. Forrest and B. Pearlmutter, Detection of Intrusion Using System Calls: Alternative Data Models[C], IEEE Symposium on Security and Privacy, 1999, www.researchgate.net/publication/2448365_Detecting_Intrusions_Using_System_Calls_Alternative_Data_Models, access date December 2016

[34] X. Zhang, L. Jia, H. Shi, Z. Tang and X. Wang, "The Application of Machine Learning Methods to Intrusion Detection", Spring Congress on Engineering and Technology (S-CET), 2012, Xian, China, November 2012, Proc. pp. 1-4, 2012.

IJHT
MMEP
ACSM
EJEE
ISI
I2M
JESA
RCMA
RIA
TS
IJSDP
IJSSE
IJDNE
JNMES
IJES
EESRJ
RCES
AMA_A
AMA_B
AMA_C
AMA_D
MMC_A
MMC_B
MMC_C
MMC_D

Username
Password
Remember me

Search form

Optimisation of Hidden Markov Model for Distributed Denial of Service Attack Prediction Using Variational Bayesian