BRAIN: BehavioR Based Adaptive Intrusion Detection in Networks: Using Hardware Performance Counters to Detect DDoS Attacks

Vinayaka Jyothi, Xueyang Wang, Sateesh K. Addepalli, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks account for one third of all service downtime incidents. Current DoS/DDoS attacks are not limited to knocking down online services; they also disguise other malicious attacks such as delivering malware, data theft, wire fraud and even extortion. Detection of these attacks is predominantly based on the packet data and metrics derived only from packets. This work proposes a host-based DDoS detection framework called BRAIN: BehavioR based Adaptive Intrusion detection in Networks. BRAIN leverages already available Hardware Performance Counters in modern processors to model the application behavior using low-level hardware events. BRAIN combines network statistics and modeled application behavior to detect DDoS attacks using machine learning. Our experiments show that BRAIN can detect multiple types of DDoS attacks, including those that are undetectable by existing tools, with an accuracy of 99.8% and a false alarm rate of 0%.

Original language: English (US)
Title of host publication: Proceedings - 29th International Conference on VLSI Design, VLSID 2016 - Held concurrently with 15th International Conference on Embedded Systems
Publisher: IEEE Computer Society
Pages: 587-588
Number of pages: 2
Volume: 2016-March
ISBN (Print): 9781467387002
DOIs: https://doi.org/10.1109/VLSID.2016.115
State: Published - Mar 16 2016
Event: 29th International Conference on VLSI Design, VLSID 2016 - Kolkata, India
Duration: Jan 4 2016 to Jan 8 2016

Other

Other: 29th International Conference on VLSI Design, VLSID 2016
Country: India
City: Kolkata
Period: 1/4/16 to 1/8/16

Fingerprint

Intrusion detection
Computer hardware
Hardware
Learning systems
Statistics
Wire
Denial-of-service attack
Experiments

Keywords

  • Adaptive
  • Application security
  • Behavior based
  • BRAIN
  • DDoS
  • Hardware Performance Counters
  • HPC
  • Intrusion detection
  • Machine Learning
  • Network Security

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Hardware and Architecture

Cite this

Jyothi, V., Wang, X., Addepalli, S. K., & Karri, R. (2016). BRAIN: BehavioR Based Adaptive Intrusion Detection in Networks: Using Hardware Performance Counters to Detect DDoS Attacks. In Proceedings - 29th International Conference on VLSI Design, VLSID 2016 - Held concurrently with 15th International Conference on Embedded Systems (Vol. 2016-March, pp. 587-588). [7435029] IEEE Computer Society. https://doi.org/10.1109/VLSID.2016.115
