Specialty Journal of Electronic and Computer Sciences
Introducing an Intrusion Detection System Based on Combined Fuzzy Inference Method and Hidden Markov Model to Identify DOS and PROBE Attacks
Saeed Teimoori, Reza Saravani
Denial of Service (DoS) attacks, which aim to prevent users from accessing the services provided, are among the most serious challenges faced by Internet service providers (ISPs). One characteristic of this type of attack is a high volume of traffic or service requests from a large number of unauthorized attackers, which form a network of robots and degrade network performance. The growing spread of botnets has led attackers to use distributed approaches to perform DoS attacks. DoS attacks are carried out in various ways, which fall into two categories, high-rate and low-rate attacks, according to the volume of transmitted traffic. In a high-rate attack, the attacker sends a large number of packets to the network or the victim broker to try to take them out of service. In a low-rate DoS attack, by contrast, the average traffic rate sent by the attacker is low. In a low-rate DoS attack against HTTP, the attacker carries out the attack by misusing the HTTP request. This study therefore presents a method for coping with HTTP request attacks based on the Hidden Markov Model (HMM) and a fuzzy system. In the proposed method, the characteristics of the attack traffic are first examined and the most appropriate ones are chosen. In the next step, these characteristics are pre-processed with data mining methods and used to train the HMM. Then the fuzzy rules are defined and the membership functions are formed. The experimental findings indicated that the proposed method performs better than the base method in terms of accuracy rate.