Arun Raj Kumar P.

Work place: Department of Computer Science and Engineering, National Institute of Technology (NIT), Tiruchirappalli – 620015, Tamil Nadu State, INDIA

E-mail: park@nitt.edu

Research Interests: Computer systems and computational processes, Computer Networks, Network Architecture, Network Security, Data Structures and Algorithms

Biography

Arun Raj Kumar, P., received a Bachelor of Engineering degree in Computer Engineering from Regional Engineering College (REC), Jaipur, India in 2002. He worked as a faculty member for one year and as a Lecturer for three years in the Department of IT in an Engineering College from 2003 to 2006. He received a Master of Technology degree in Computer Science and Engineering with Distinction from National Institute of Technology (NIT) Tiruchirappalli, India in 2008. Currently, he is pursuing a Ph.D. in Computer Science and Engineering at National Institute of Technology (NIT) Tiruchirappalli, India. His research interests include Computer Networks, Wireless Sensor Networks, and Network Security.

Author Articles
M2KMIX: Identifying the Type of High Rate Flooding Attacks using a Mixture of Expert Systems

By Arun Raj Kumar P., S. Selvakumar

DOI: https://doi.org/10.5815/ijcnis.2012.01.01, Pub. Date: 8 Feb. 2012

High rate flooding attacks such as SYN flood, UDP flood, and HTTP flood have been posing a perilous threat to Web servers, DNS servers, Mail servers, VoIP servers, etc. These high rate flooding attacks deplete the limited capacity of the server resources. Hence, there is a need for the protection of these critical resources from high rate flooding attacks. Existing detection techniques used in Firewalls, IPS, IDS, etc., fail to identify the illegitimate traffic due to the self-similarity nature of legitimate traffic and suffer from low detection accuracy and high false alarms. Also, very few in the literature have focused on identifying the type of attack. This paper focuses on the identification of the type of high rate flooding attack with high detection accuracy and fewer false alarms. The attack type identification is achieved by training the classifiers with different feature subsets. Therefore, each trained classifier is an expert in a different feature space. High detection accuracy is achieved by creating a mixture of expert classifiers, and the ensemble output decisions are identified by our proposed Preferential Agreement (PA) rule. Our proposed classification algorithm, M2KMix (mixture of two Multi Layer Perceptron and one K-Nearest Neighbor models), differs from the existing solutions in feature selection, error cost reduction, and attack type identification. M2KMix was trained and tested with our own SSE Lab 2011 dataset and the CAIDA dataset. Detection accuracy and false alarms are the two metrics used to analyze the performance of the proposed M2KMix algorithm with the existing output combination methods such as mean, maximum, minimum, and product. From the simulation results, it is evident that the M2KMix algorithm achieves high detection accuracy (97.8%) with fewer false alarms than the existing output combination methods. M2KMix identifies three types of flooding attacks, viz., the SYN flood, UDP flood, and HTTP flood, effectively with detection accuracy of 100%, 93.75%, and 97.5%, respectively.

Other Articles