A NOVEL APPROACH FOR DETECTING DDoS ATTACK IN H-IDS USING ASSOCIATION RULE

摘要

Across the globe, all the companies are marching towards data security and data protection. Prevention measures are taken to secure their database from an intruder. As the technology grows rapidly for information/data security, the intruders also use various techniques to exploit data on other side. Distributed Denial of Service (DDoS) attack is used to override the security of targeted system, where the attacker seeks to make a terminal unavailable to its authorized users temporarily by sending "n" number of packets over the network. The triggered DDoS attack interrupts any normal operation in a network and not letting the legitimate users to access the machine. Simply, the DDoS floods the targeted machine not to do any further actions. This examination is conveyed to distinguish DDoS attack in OSSEC HIDS, and successful measures to decrease false positive rate. "OSSEC (HIDS)"[1] has brought together, cross stage design enabling different frameworks to be effortlessly observed, overseen and simple to get the recorded logs. The extracted report was analyzed with "ASSOCIATION RULE" using Weka open source tool.