№1, 2018


Babek R. Nabiyev

Availability is one of the important problems of network security, and DDoS attacks are among the most common threats to network access. Identifying and preventing these attacks is the main purpose of this article. For this purpose, the data and methods of the KDD CUP 99 cluster were selected for analysis. The k-means and EM algorithms were chosen as the main methods of analysis (pp. 98-107).

Keywords: DDoS, clustering, k-means, EM algorithm, network traffic, KDD CUP 99.