Browsing by Author "Karademir, Ramazan"

Filter results by typing the first few letters
Now showing 1 - 1 of 1
  • Thumbnail Image
    Item
    Intelligent anomaly detection techniques for denial of service attacks
    (Bahçeşehir Üniversitesi Fen Bilimleri Enstitüsü, 2015-01) Karademir, Ramazan; Güngör, Vehbi Çağrı
    With the increase of services provided over the internet, attacks to cease the availability of these services are increasing, diversifying and renewing every day. These types of attacks, which are called Denial of Service (DoS) attacks, constitute most of the attacks over the internet these days. When you think of the diversity of the services and commercial volumes of the services provided over the internet, any disruption of these services even in short durations, may cause inconvenience for the services, financial loss as well as prestige and loss of confidence for companies and institutions. Most of the time it is very difficult to identify and detect denial of service attacks that targets to computer networks. The most important reason for this is that, the network traffic that is generated by denial of service attacks is almost identical with the network traffic that is generated by a real user. Here, the adversary is identified by only it’s intend. With this work, we aim to detect denial of service attacks quickly, in a right way and differentiate the real user from adversary with the lowest possible error. In order to achieve this aim we think that the use of different data mining techniques is suitable. In this direction, the traffic of Ligtv.com.tr web sites, which has a millions of users from all over the world, is traced in live environment. In order to differentiate real user traffic and denial of service attack traffic, significant network traffic features are identified. Attack free network traffic is recorded to the database and normal user profile is created. Then, different distributed denial of service attacks are generated for this site and this traffic is also recorded to the database to construct attack profile. Finally normal profile and attack profile are merged and analyzed with data mining methods.