Distributed Denial of Service attack (DoS attack) is a cyber attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. It is necessary to analyze the fundamental features of DDoS attacks because these attacks can easily vary the used port/protocol, or operation method because they are designed to restricted applications on limited environments.DDoS attack detection very difficult because the non-existence of predefined rules to correctly identify the genuine network flow. A combination of unsupervised data mining techniques as IDS are introduced. The Entropy Method concept in term of windowing the incoming packets is applied with data mining technique using Clustering Using Representative (CURE) as cluster analysis to detect the DDoS attack in network flow. The data is mainly collected from datasets. The CURE DDoS attack detection technique based on entropy gives a promising way to analyze this attack and construct an efficient detection model using a clustering data mining techniques. This approach has been evaluated and compared with several existing approaches in terms of accuracy, false alarm rate, detection rate, F. measure and Phi coefficient.
2. W. Cerroni, G. Monti, G. Moro, and M. Ramilli, “Network Attack Detection Based On Peer-To-Peer Clustering Of SNMP Data,” in international Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustnes, 2009, vol. 22, no. 213110, pp. 417-430.
3. M. Suresh and R. Anitha, “Evaluating Machine Learning Algorithms for Detecting DDoS Attacks,” in International Conference on Network Security and Applications, 2011, pp. 441-452.
4. H. Om and A. Kundu, “A Hybrid System for Reducing the False Alarm Rate of Anomaly Intrusion Detection System,” in International
5. Conference on Recent Advances in Information Technology, 2012, pp. 131-136.
6. J. Mazel, P. Casas, and P. Owezarski, “Sub-space Clustering and Evidence Accumulation for Unsupervised Network Anomaly Detection,” in
7. International Conference in Traffic Monitoring and Analysis, 2011, vol. 6613, pp. 15-28.
8. V. Rajyaguru, V. R Tamma, B. S. Manoj, and M. Sarkar, “On Detecting CTS Duration Attacks Using K-means Clustering in WLANs,” in
9. International Conference on Advanced Networks and Telecommunciations Systems, 2012, pp. 12-14.
10. R. Suganya, “Denial-of-Service Attack Detection Using Anomaly with Misuse Based Method,” in International Journal of Computer Science and Network Security, vol. 16, no. 4, pp. 124-128, 2016.
11. T. Johnson Singh, Khundrakpam; Thongam, Khelchandra; De, “Entropy Based Application Layer DDoS Attack Detection Using Artificial Neural Networks,” MDPI, vol. 18, pp. 1-17, 2016.
12. Shao Xiufeng, Cheng Wei, “Improved CURE Algorithm and Application of Clustering for Large-scale Data,”.