An in-depth analysis on traffic flooding attacks detection and system using data mining techniques

Recently, as network traffic flooding attack such as DoS and DDoS have posed devastating threats on network services, rapid detection, and semantic analysis are the major concern for secure and reliable network services. In addition, in a recent issue of the safety and comfort of vehicles and communication technologies for service is required. We propose a traffic flooding attack detection and an in-depth analysis system that uses data mining techniques. In this paper we (1) designed and implemented a system that detects traffic flooding attacks. Then, it executes classification by attack type and it uses SNMP MIB information based on C4.5 algorithm; (2) conducted a semantic interpretation that extracts and analyzes the rules of execution mechanism that are additionally provided by C4.5; (3) performed an in-depth analysis on the attack patterns and useful knowledge inherent in their data by type, utilizing association rule mining. Classification by attack and attack type based on C4.5 and association rules, automatic rule extraction and semantic in-depth interpretation, which are proposed in this paper, provide a positive possibility to add momentum towards the development of new methodologies for intrusion detection systems as well as to support establishing policies for intrusion detection and response systems.