Authors: P. Devi; A. Kannammal
Addresses: Department of Computer Applications, Coimbatore Institute of Technology, Avinashi Road, Coimbatore, 641014 Tamil Nadu, India ' Department of Computer Applications, Coimbatore Institute of Technology, Avinashi Road, Coimbatore, 641014 Tamil Nadu, India
Abstract: Various types of routing attacks and their corresponding countermeasures for mobile ad hoc networks (MANETs) have been identified in the literature study. However problems of computational complexity and false alarms have not yet been reduced. In this paper, we have proposed a proactive detection mechanism for distributed denial of service (DDoS) which considers feature extraction, reduction of entropy, clustering technique and feature ranking. These techniques are approached by statistical analysis and involved for XOR marking to classify legitimate and malicious data packets. Our system applies detection methodologies on each packet, finds abnormalities during the pre-attack phase itself and filters them. Experiments are done with the 2000 DARPA intrusion detection scenario specific dataset to assess detection time, ratio of false alarms, and complexity. The experimental results show the efficiency of proposed system in detection of DDoS attack with larger reduction of false positive and computational complexity.
Keywords: mobile ad hoc networks; MANETs; network security; DDoS attacks; DDoS detection; cluster analysis; entropy reduction; statistical analysis; feature extraction; feature ranking; distributed denial of service; clustering; legitimate data packets; malicious data packets; intrusion detection; detection time; false alarms; complexity.
International Journal of Embedded Systems, 2016 Vol.8 No.1, pp.69 - 77
Available online: 17 Dec 2015 *Full-text access for editors Access for subscribers Purchase this article Comment on this article