Show simple item record

dc.contributor.author: Balkanli, Eray
dc.date.accessioned: 2015-04-27T17:52:51Z
dc.date.available: 2015-04-27T17:52:51Z
dc.date.issued: 2015-04-27
dc.identifier.uri: http://hdl.handle.net/10222/56583
dc.description.abstract: Since the occurrence and variety of Distributed Denial of Service (DDoS) has dramatically increased, the discovery of DDoS signatures (rules) has become very difficult for current intrusion detection mechanisms. Darknets, which refer to unallocated Internet Protocol (IP) addresses in a network, are used to collect attack traffic to reveal the potential signatures. Backscatter, a behaviour observed in darknets, is a side effect of DDoS attacks generated by victims' responses to the spoofed IP addresses. This thesis explores general backscatter patterns mostly based on the major transport, network and application layer protocols and ports. A detailed evaluation expressing the performances of five different signature-based network traffic monitoring systems, namely Snort, Bro, Iatmon, Corsaro and Cisco's Adaptive Security Appliance (ASA) 5515-X, over backscatter traffic is also presented. Moreover, this thesis analyzes the performances of three machine learning techniques, namely C4.5 Decision Tree, Naive Bayes and AdaBoost.M1, in terms of the detection rate, false alarm rate, computational cost and ease of use of these techniques. Additionally, different training sets with different sizes and different feature sets are used to study the effects of training datasets and data pre-processing, respectively. Five different feature sets depending on the two well-known feature selection approaches, namely Chi-Square and Symmetrical Uncertainty, as well as the most commonly used features in the literature are included in these studies. All of the evaluations are performed on six different publicly available one-way darknet datasets collected between 2004 and 2012 by CAIDA. The results show that the attack trends in the employed datasets are important to understand the nature of DDoS traffic. Furthermore, the signatures generated by a machine learning system are robust in detecting DDoS traffic even when the training set is small and the attack trends are changing over time. [en_US]
dc.language.iso: en_US [en_US]
dc.subject: network traffic monitoring [en_US]
dc.subject: one-way traffic [en_US]
dc.subject: machine learning [en_US]
dc.title: A Comprehensive Study On One-way Backscatter Traffic Analysis [en_US]
dc.date.defence: 2015-04-13
dc.contributor.department: Faculty of Computer Science [en_US]
dc.contributor.degree: Master of Computer Science [en_US]
dc.contributor.external-examiner: n/a [en_US]
dc.contributor.graduate-coordinator: Evangelos Milios [en_US]
dc.contributor.thesis-reader: Srinivas Sampalli [en_US]
dc.contributor.thesis-reader: Malcolm Heywood [en_US]
dc.contributor.thesis-supervisor: A. Nur Zincir-Heywood [en_US]
dc.contributor.ethics-approval: Not Applicable [en_US]
dc.contributor.manuscripts: No [en_US]
dc.contributor.copyright-release: No [en_US]