Abstract

In spite of extensive research in defence against De- nial of Service (DoS), such attacks remain a predom- inant threat in today’s networks. Due to the sim- plicity of the concept and the availability of the rele- vant attack tools, launching a DoS attack is relatively easy, while defending a network resource against it is disproportionately difficult. The first step of any comprehensive protection scheme against DoS is the detection of its existence, ideally long before the de- structive traffic build-up. In this paper we propose a generic approach for DoS detection which uses multi- ple Bayesian classifiers and random neural networks (RNN). Our method is based on measuring various instantaneous and statistical variables describing the incoming network traffic, acquiring a likelihood esti- mation and fusing the information gathered from the individual input features using likelihood averaging and different architectures of RNNs. We present and compare seven different implementations of it and evaluate our experimental results obtained in a large networking testbed.