KKG PUBLICATIONS

Detecting TCP Based Attacks Using Data Mining Algorithms



Volume 2, Issue 1
UGTAKHBAYAR N., USUKHBAYAR B., SODBILEG SH., NYAMJAV J. N

Published online: 29 February 2016

Abstract

This research studies the effects of TCP-based attacks on the computing time and detection ratio of AI algorithms, using the KDDCUP dataset and a collected dataset. The study gathers network traffic: normal traffic and abnormal traffic containing attacks are collected by SNORT. It then extracts features from the TCP headers of the packets in the collected dataset, such as sequence and acknowledgment numbers, window size, control flags, and an event feature, which is the time between neighboring segments. First, the feature set is normalized and, to reduce the dimensionality of the input feature space, Pearson correlation is applied to measure the strength of the relationship. Finally, the selected subset of the features is used to train the classifiers: J-48, Naïve Bayes, and ANNs. By adopting machine learning and data mining concepts, we could detect 98% of abnormal traffic containing attacks.
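The feature-extraction and selection steps described in the abstract, sketched as an added example (not the authors' code). It assumes min-max normalization, Pearson correlation of each feature against the class label, and a 0.5 cut-off; the segments are constructed sample data, and the classifier training step is not shown.

```python
import struct
from statistics import mean

FEATURES = ["seq", "ack", "window", "flags", "gap"]

def tcp_header(seq, ack, flags, window):
    """Constructed 20-byte TCP header (fixed ports, zero checksum)."""
    return struct.pack("!HHIIBBHHH", 40000, 80, seq, ack, 5 << 4, flags, window, 0, 0)

def extract(header, ts, prev_ts):
    """Sequence/ack numbers, window, control flags, time since previous segment."""
    _, _, seq, ack, _, flags, window, _, _ = struct.unpack("!HHIIBBHHH", header[:20])
    return [seq, ack, window, flags & 0x3F, ts - prev_ts]

def normalize(rows):
    """Min-max scale every column to [0, 1] (assumed normalization scheme)."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - a) / (b - a) if b > a else 0.0 for v, a, b in zip(r, lo, hi)]
            for r in rows]

def pearson(x, y):
    """Pearson correlation coefficient; 0.0 when either input is constant."""
    mx, my = mean(x), mean(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = sum((a - mx) ** 2 for a in x) ** 0.5
    sy = sum((b - my) ** 2 for b in y) ** 0.5
    return cov / (sx * sy) if sx and sy else 0.0

def select(rows, labels, threshold=0.5):
    """Keep features whose |r| against the label reaches the assumed threshold."""
    cols = zip(*normalize(rows))
    scores = {name: pearson(col, labels) for name, col in zip(FEATURES, cols)}
    return [n for n in FEATURES if abs(scores[n]) >= threshold], scores

def sample():
    """Constructed capture: (timestamp, header, label), label 1 = abnormal."""
    segs = [(0.000, tcp_header(1000, 500, 0x10, 29200), 0),
            (0.120, tcp_header(2460, 500, 0x18, 29200), 0),
            (0.250, tcp_header(3920, 812, 0x10, 29200), 0),
            (0.400, tcp_header(5380, 812, 0x18, 28960), 0),
            (0.401, tcp_header(100, 0, 0x02, 1024), 1),
            (0.402, tcp_header(9000, 0, 0x02, 1024), 1),
            (0.403, tcp_header(1500, 0, 0x02, 1024), 1),
            (0.404, tcp_header(4200, 0, 0x02, 1024), 1)]
    rows, prev = [], segs[0][0]
    for ts, hdr, _ in segs:
        rows.append(extract(hdr, ts, prev))
        prev = ts
    return rows, [label for _, _, label in segs]
```

On this constructed capture the sequence number is dropped as uninformative, while window size, flags, acknowledgment number and inter-segment gap are kept for the classifier.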


To Cite this article

N. Ugtakhbayar, B. Usukhbayar, SH. Sodbileg, J. Nyamjav, “Detecting TCP based attacks using data mining algorithms,” International Journal of Technology and Engineering Studies, vol. 2, no. 1, pp. 1-4, 2016.



© 2020. KKG Publications