
BRAIN: BEHAVIOR BASED ADAPTIVE INTRUSION DETECTION IN NETWORKS:

USING HARDWARE PERFORMANCE COUNTER TO DETECT DDOS ATTACKS

ABSTRACT
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks account for
one third of all service downtime incidents. Current DoS/DDoS attacks are not limited to
knocking down online services; they also disguise other malicious attacks such as delivering
malware, data theft, wire fraud and even extortion. Detection of these attacks is predominantly
based on packet data and metrics derived only from packets. This work proposes a host-based
DDoS detection framework called BRAIN: Behaviour based Adaptive Intrusion detection in
Networks. BRAIN leverages the Hardware Performance Counters already available in modern
processors to model application behavior using low-level hardware events. BRAIN combines
network statistics and the modeled application behavior to detect DDoS attacks using machine
learning. Our experiments show that BRAIN can detect multiple types of DDoS attacks,
including those that are undetectable by existing tools, with an accuracy of 99.8% and a false
alarm rate of 0%.

EXISTING SYSTEM:
Network Intrusion Detection Systems (NIDS) and Anti-Denial-of-Service (DoS) systems employ
Deep Packet Inspection (DPI), which provides visibility into the payload content to detect
network attacks. All DPI engines assume a pre-processing step that extracts the various
protocol-specific fields. However, application layer (L7) field extraction is computationally
expensive. We propose a Deep Packet Field Extraction Engine (DPFEE) to offload the application
layer field extraction to hardware. DPFEE is a content-aware, grammar-based, Layer 7
programmable field extraction engine for text-based protocols. Our prototype DPFEE
implementation for the Session Initiation Protocol (SIP) on a single FPGA achieved a bandwidth
of 257.1 Gbps, and this can be easily scaled beyond 300 Gbps.

#13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore 6.
Off: 0416-2247353 / 6066663 Mo: +91 9500218218
Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com

DISADVANTAGE:
All DPI engines assume a pre-processing step that extracts the various protocol specific
fields.

PROPOSED SYSTEM:
A host-based DDoS detection framework called BRAIN is proposed that adds another
dimension to detecting DDoS attacks in real time. The results illustrate that the inclusion of
hardware behavior into detection increases accuracy significantly. BRAIN is a low-cost, adaptive
and highly accurate DDoS detection framework with 99.8% accuracy. Anomaly detection in
BRAIN is centered on behavior derived from hardware events. It may even be possible to
model and detect other network attacks using behavior derived from these hardware events. This
exploration will be the primary focus of our future work.
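
The idea of combining counter-derived behavior with network statistics, as an added example that is not code from the BRAIN authors: a per-feature z-score against an attack-free baseline stands in for the machine-learning model. The feature set, the threshold and all sample values are assumptions constructed for illustration.

```python
import statistics

# Features 1-3 are ratios of hardware performance counter events; 4-5 are
# network statistics. The feature choice is an assumption of this example.
FEATURES = ("ipc", "cache_miss_rate", "branch_miss_rate",
            "pkts_per_s", "new_conns_per_s")

def to_features(raw):
    """Convert one 1-second interval of raw counts into a feature vector."""
    instr, cycles, c_miss, c_ref, b_miss, branches, pkts, conns = raw
    return (instr / cycles, c_miss / c_ref, b_miss / branches,
            float(pkts), float(conns))

def fit_baseline(intervals):
    """Learn per-feature mean and standard deviation from attack-free intervals."""
    columns = zip(*(to_features(r) for r in intervals))
    return [(statistics.mean(c), statistics.stdev(c)) for c in columns]

def classify(baseline, raw, threshold=4.0):
    """Return (label, names of features whose z-score exceeds the threshold)."""
    vec = to_features(raw)
    flagged = sorted(name for name, x, (mu, sd) in zip(FEATURES, vec, baseline)
                     if abs(x - mu) / sd > threshold)
    return ("attack" if flagged else "normal", flagged)

# Constructed sample data (not measurements). Columns: instructions, cycles,
# cache-misses, cache-references, branch-misses, branches (all in millions),
# packets, new connections.
NORMAL = [
    (1500, 1000, 50, 1000, 20, 1000, 10000, 200),
    (1520, 1000, 52, 1000, 21, 1000, 10400, 210),
    (1480, 1000, 48, 1000, 19, 1000, 9700, 190),
    (1510, 1000, 51, 1000, 20, 1000, 10200, 205),
    (1490, 1000, 49, 1000, 21, 1000, 9900, 195),
    (1500, 1000, 50, 1000, 19, 1000, 9800, 200),
]
HOLDOUT = (1505, 1000, 51, 1000, 20, 1000, 10100, 203)
# Both the network statistics and the counter ratios leave the baseline.
FLOOD = (900, 1000, 120, 1000, 35, 1000, 60000, 5000)
# Network statistics stay inside the baseline; only counter ratios deviate.
HOST_ONLY = (1050, 1000, 110, 1000, 20, 1000, 10300, 208)

BASELINE = fit_baseline(NORMAL)

if __name__ == "__main__":
    for name, raw in (("holdout", HOLDOUT), ("flood", FLOOD),
                      ("host-only", HOST_ONLY)):
        print(name, classify(BASELINE, raw))
```

The `HOST_ONLY` interval is the case a packet-only detector would pass: it is flagged solely on the two counter-derived features.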

ADVANTAGE:
The proposed system adds another dimension to detecting DDoS attacks in real time.

SYSTEM REQUIREMENTS
HARDWARE REQUIREMENTS:
Processor : Dual core processor
Speed : 1.1 GHz
RAM : 1 GB
Hard Disk : 80 GB
Keyboard : Standard Windows Keyboard
Mouse : Two or Three Button Mouse
Monitor : SVGA

SOFTWARE REQUIREMENTS:
Operating System : Windows 7
Coding Language : Java
Database : MySQL
