BRAIN: BehavioR Based Adaptive Intrusion Detection in Networks: Using Hardware Performance Counters to Detect DDoS Attacks

Vinayaka Jyothi, Xueyang Wang, Sateesh K. Addepalli, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Denial-of-Service (DoS) and Distributed Denial-of Service (DDoS) attacks account for one third of all service downtime incidents. Current DoS/DDoS attacks are not only limited to knocking down online services, but they also disguise other malicious attacks such as delivering malware, data-theft, wire fraud and even extortion. Detection of these attacks is predominantly based on the packet data and metrics derived only from packets. This work proposes a host based DDoS detection framework called BRAIN: BehavioR based Adaptive Intrusion detection in Networks. BRAIN leverages already available Hardware Performance Counters in modern processors to model the application behavior using low-level hardware events. BRAIN combines network statistics and modeled application behavior to detect DDoS attacks using machine learning. Our experiments show that BRAIN can detect multiple types of DDoS attacks, including those are undetectable by existing tools with an accuracy of 99.8% and a false alarm rate of 0%.

Original languageEnglish (US)
Title of host publicationProceedings - 29th International Conference on VLSI Design, VLSID 2016 - Held concurrently with 15th International Conference on Embedded Systems
PublisherIEEE Computer Society
Pages587-588
Number of pages2
ISBN (Electronic)9781467387002
DOIs
StatePublished - Mar 16 2016
Event29th International Conference on VLSI Design, VLSID 2016 - Kolkata, India
Duration: Jan 4 2016Jan 8 2016

Publication series

NameProceedings of the IEEE International Conference on VLSI Design
Volume2016-March
ISSN (Print)1063-9667

Other

Other29th International Conference on VLSI Design, VLSID 2016
CountryIndia
CityKolkata
Period1/4/161/8/16

Keywords

  • Apdaptive
  • Application security
  • BRAIN
  • Behavior based
  • DDoS
  • HPC
  • Hardware Performance Couners
  • Intrusion detection
  • Machine Leaning
  • Network Security

ASJC Scopus subject areas

  • Hardware and Architecture
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'BRAIN: BehavioR Based Adaptive Intrusion Detection in Networks: Using Hardware Performance Counters to Detect DDoS Attacks'. Together they form a unique fingerprint.

Cite this