DDoS Detection on Network Protocol Using Cosine Similarity and N-Gram+ Method

Author: Andi Maslan, Kamaruddin Malik Mohammad, Sasa Ani Arnomo
Publication year: 2018
Subject:
Source: 2018 International Conference on Sustainable Information Engineering and Technology (SIET).
DOI: 10.1109/siet.2018.8693215
Description: Data packets containing malware can perform attacks on network protocols such as SMTP, TCP, UDP, POP, and HTTP. One way to detect attacks is to install an Intrusion Detection System (IDS). An IDS can be installed either on the host side or on the network side. Attacks that occur can damage the system and can also steal important files that exist in the system. This research proposes the N-Gram and Cosine Similarity methods to detect malicious code in data packets. This technique is part of the anomaly-based malware-based detection process. The goal is to look for irregularities in the system, first creating a normal profile of the system to facilitate the detection of intrusions that occur in computer networks. The results of the research using n-gram and similarity search with the cosine similarity method proved that they can be used in an intrusion detection system to detect Distributed Denial of Service (DDoS) attacks, and that the implemented IDS can run in real time, especially for the HTTP and TCP protocols. With the Similarity and N-Gram + Cosine method, the IDS is able to detect types of attacks that have not been detected before, such as adware, for which detection accuracy reaches 75%. This is because adware aims at promoting banners, deflecting visitors' traffic, and even sending data packets continuously.
Database: OpenAIRE