Date post: 26-Jul-2020
Machine Learning based Application Layer DDoS Attack detection using Firefly Classification Algorithm

Alekhya Kaliki (1), K Munivara Prasad (2)

(1) Dept of Computer Science, Tirupati, India. Email: [email protected]
(2) Dept of Computer Science, Tirupati, India. Email: [email protected]

International Journal of Pure and Applied Mathematics, Volume 118 No. 17 2018, 635-645. ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version). url: http://www.ijpam.eu. Special Issue.

Abstract. The internet is frequently victimized by Distributed Denial of Service (DDoS) attacks, which intentionally occupy computing resources and bandwidth in order to deny services to potential users. The attack scenario is to flood the target with an immense number of packets. If the attack comes from a single source, it is referred to as denial of service (DoS); if it is sourced from divergent servers, it is referred to as DDoS. For over a decade many researchers have taken the detection and prevention of DDoS attacks as a research objective and have delivered a few significant DDoS detection and prevention strategies. Fast and early detection of DDoS attacks in streaming network transactions is still a significant research objective at the present level of internet usage. Unfortunately, the current benchmark DDoS attack detection strategies fail to meet the objective called “fast and early detection of DDoS attack”.

To this end, in this paper we devise a Bio-Inspired Anomaly based App-DDoS Attack detection approach that aims at fast and early detection. The proposed model is a bio-inspired approach used to achieve fast and early detection of App-DDoS by HTTP flood. The experiments were carried out on the benchmark CAIDA dataset, and the results support the significance of the proposed model in achieving the objective of the paper.

Keywords: Denial of Service (DoS), Distributed Denial of Service (DDoS), Application layer DDoS attacks and Bio-inspired approaches.

1. Introduction

A global network of computers interconnected through different media using a standard protocol is called the internet. Modern human beings rely on the Internet for their education, trade, socialization and entertainment, among many other important aspects of human life. Information sharing, e-commerce and entertainment have taken on a new dimension. Evidently, the Internet is the biggest revolution in the computing and communications world. Web threats pose a broad range of risks, including financial damages, identity theft, loss of confidential information or data, theft of network resources, damaged brand/personal reputation, and erosion of consumer confidence in e-commerce and online banking.

A DoS attack is an intentional attempt by malicious users to completely disrupt or degrade the availability of services/resources to legitimate users. A distributed denial of service (DDoS) attack is a form of DoS attack which slows down the server's responses to clients or makes it refuse client requests. Recent well-known victims of DDoS attacks are explored in [1, 2], and strategies for successful attack mitigation are explored in [3]. In [4], DDoS attacks are classified based on different factors.

An application layer DDoS attack overloads an application server by creating excessive login, information search or search requests. Application layer attacks are tougher to detect than other forms of DDoS attacks. An application layer DDoS attack sends out requests that follow the communication protocol, so these requests are indistinguishable from legitimate requests at the network layer. Consequently, traditional defense systems become less applicable, or even inapplicable, to application layer DDoS attacks, which make use of the asymmetric computation between client and server, because the requests look proper in terms of protocol and traffic [5]. The main impacts of application layer DDoS attacks are: unusually slow network performance (opening files or accessing web sites), unavailability of a particular web site, inability to access any web site, and a dramatic increase in the number of spam emails received [6].

2. Related Work

S. Umarani et al. [7] proposed a novel method to classify traffic flows into DDoS attacks and legitimate access by creating an access matrix from the HTTP traces. In order to classify the traffic as normal or abnormal, Naive Bayes and K-Nearest neighborhood classifiers are used. Detection Rate and False Positive Rate are compared to analyze the performance of the proposed classification, and the authors proved that with the PCA selected attributes, average Detection Rate and average FPR are increased by 0.9% and 4.11% respectively. Fadir Salmen et al. [8] created a digital signature of network segment for flow analysis by using two meta-heuristic approaches. S. Yu, S. Guo et al. [9] proved that bots can even resist the underlying logic by mimicking the behavioral patterns of legitimate users to the maximum extent. D. Shona et al. [10] proposed a new model consisting of two stages for detecting intrusions. In the first stage the firefly algorithm was implemented in MATLAB to remove redundancy, and in the second stage the incomplete dataset is converted to a complete dataset by using missing value imputation in Rapid Miner. The results are verified and validated against KDD world cup data and compared with existing techniques. The datasets show only network and transport layer data, and the authors do not discuss how application layer attacks are detected.

J. Senthilnath et al. [11] explored the use of the firefly algorithm for clustering. k-means clustering yields local minima, and this drawback was overcome by the firefly algorithm. The global optimum is obtained by using the randomization parameter and the nature of attractiveness in the clustering process.

Satyajit Yadav et al. [12] proposed a new model called Stacked AutoEncoder, which classifies application layer DDoS attack traffic using feature learning. Mikhail Zolotukhin et al. [13] proposed a model that detects intermediate and trivial application layer DDoS attacks which are in the form of encrypted network traffic. Sheng Wen et al. [14] proposed a defense mechanism called CALD to protect web servers against application layer DDoS attacks that pretend to be flash crowds. In Chengxu Ye et al. [15], the main aim of the clustering method is to cluster users' sessions and calculate the deviation between sessions and normal clusters in order to defend against the attack.

K. Munivara Prasad et al. [16] defined a machine learning strategy called Anomaly based Real Time Prevention (ARTP) of under rated App-DDoS attacks. Features are extracted at an absolute time interval rather than at request level in order to identify, by using the defined thresholds, whether the traffic contains attack packets. The proposal is tested against the benchmark LLDOS dataset. The complexity of the process is reduced and maximum detection accuracy is attained compared to other existing machine learning approaches. The results are good but can still be improved further. From the above observations, the existing detection mechanisms have the following drawbacks.

- Detection at request level is easy, but it takes a lot of time to check each and every request in busy networks. The time complexity will be reduced if the detection is done at flow level rather than at request level.

- Most of the approaches used statistical methods for detecting the attacks. These are not applicable to application layer DDoS attacks, as the attack strategy and signatures change very frequently nowadays. Detection of known and unknown attacks is to be done by using the best machine learning approaches.

- Clustering methods used for detecting the attacks do not generate the global optima. A meta-heuristic approach in combination with the machine learning metrics generates the global optima.

- The defense mechanism should minimize the false positive and false negative rates and maximize the detection accuracy.

3. Preprocessing the Dataset using Machine Learning Metrics

The transactions observed from the network, labeled as Normal or Flood at the server gateway, are used to train the proposed approach. The collected data has to be preprocessed by using machine learning metrics, which are then used to train the model and detect application layer distributed denial of service attacks.

3.1 Time Interval (ti)

The detection process is done at flow level rather than at request level, which maximizes the speed of the detection process and in turn overcomes the problem of server degradation. In order to carry out the detection process at request stream level, the collected records have to be formed into sessions and then into clusters by using the k-means algorithm. The average of the clusters' durations gives the time interval that helps to detect application layer DDoS attacks. For each of the normal and flood transaction sets DSN and DSD respectively, divide them into sessions and then partition the sessions into a set of clusters C, based on session begin times. The cluster $c_i$ contains sessions $\{c_{i1}, c_{i2}, \ldots, c_{in}\}$ such that all of these sessions have approximately similar session duration times. Let $S = \{s_1, s_2, s_3, \ldots, s_{|S|}\}$ be the set of all possible sessions in the given transaction set; these sessions, in ascending order of their session begin time, are grouped into clusters $C = \{c_1, c_2, \ldots, c_{|G|}\}$ by using the k-means clustering algorithm [17]. For each cluster, find the duration of the cluster as follows:

$$t(c_i) = \max(\mathrm{end}(c_i)) - \min(\mathrm{begin}(c_i))$$

$$\mathrm{TimeInterval}(ti) = \frac{\sum_{i=1}^{|C|} t(c_i)}{|C|}$$

The total observation time of the complete dataset is partitioned into sub-intervals of Time Interval size.

3.2 Maximum number of Sessions (ms)

All transactions are formed into sessions that can be of either random or variable timings. There exists a different number of sessions for each time interval. The count of sessions observed in one time interval gives the maximum number of sessions of that time interval, which helps in observing the user sessions to detect application layer DDoS attacks.

3.3 Average Session Time (ast)

Each session has a different session duration time. Each time interval contains a group of sessions, and the average of the durations of all the sessions contained in it gives its average session time, which helps to observe how much time the sessions consume. Let $Sd = \{sd_1, sd_2, \ldots\}$ be the session durations, where a session duration is the difference between the maximum ending time and the minimum starting time.

$$\mathrm{AverageSessionTime}(ast) = \frac{\sum_{i=1}^{ms} sd_i}{ms}$$

3.4 Page access count (pac)

A user will access multiple pages in different sessions of a time interval. How many pages are accessed in one time interval helps in observing whether the network environment is malicious or normal. The page access count of an absolute time interval is the number of web pages accessed in that time interval.

3.5 Minimum time interval between two pages (mti)

This feature is calculated for two page requests which are in sequence within an absolute time interval. How frequently the web pages are accessed by the user, and the least time gap that is required between two pages, is measured to help in observing the user behavior. The average of the unique time gaps between two page requests which are in sequence within an absolute time interval gives its minimum time interval. Let the unique time gap set of the interval be $tg = \{tg_1, tg_2, \ldots\}$.

$$\mathrm{MinimumTimeInterval}(mti) = \frac{\sum_{i=1}^{|tg|} tg_i}{|tg|}$$

3.6 Ratio of divergent familiar sources (dfs)

The source addresses of the packets from the normal and attack training sets are marked as known normal and known malicious sources respectively. The source of the testing record is compared with the ratio of known sources to unknown sources to find out whether the traffic contains malicious traffic. The ratio of sources observed in that interval to all sources observed earlier gives the divergent familiar sources.

$$\mathrm{DivergentFamiliarSource}(dfs) = \frac{\mathrm{ObservedSources}}{\mathrm{EarlierSources}}$$

3.7 Packets observed per each type of packet (pc)

A request can be sent through any type of packet, such as HTTP, FTP, SMTP etc. Each time interval contains different types of packets, and the count of each packet type is measured. The deviation in the count of packets from one time interval to another signifies the presence of attack packets in the traffic. Let $p = \{p_1, p_2, p_3, \ldots\}$ be the packets observed in that interval and $pc = \{p_1c, p_2c, p_3c, \ldots\}$ be the number of packets observed for each type of packet.

3.8 Maximum bandwidth consumption (mbc)

Each request consumes source bytes to send data from source to destination. Each time interval contains a number of requests. Measuring the total bandwidth required in each time interval helps to identify the attack traffic easily. The ratio of total bandwidth to the absolute time interval gives the maximum bandwidth consumption.

3.9 The dataset preparation

For the given Normal and Attack transaction sets DSN and DSD, the record sets RSN and RSD can be formed as follows:

Maximum number of sessions | Page access count | Minimum time interval between two pages | Ratio of divergent familiar sources | Maximum bandwidth consumption | Packets for each type of packet | Average session time

Each absolute time interval is considered as one record that contains the values of the attributes in the order of the machine learning metrics defined above. As there was no difference in the values of the last two parameters between attack and normal traffic, the experiment was carried out by excluding them.
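The section 3 metrics computed over a small constructed request log, as an added example that is not code from the paper. The tuple layout, the 30-second idle gap that closes a session, the plain 1-D k-means, and the value 0.0 for mti (single request in an interval) and dfs (no earlier sources) are assumptions; pc and ast are left out, as in the paper's experiment.

```python
from collections import defaultdict

SESSION_GAP = 30.0  # assumption: idle seconds that close a session

# Constructed sample log: (timestamp_s, source, page, bytes_sent)
REQUESTS = [
    (0.0, "10.0.0.1", "/index", 500), (4.0, "10.0.0.1", "/news", 700),
    (6.0, "10.0.0.2", "/index", 500), (10.0, "10.0.0.2", "/login", 300),
    (60.0, "10.0.0.3", "/index", 500), (62.0, "10.0.0.1", "/index", 500),
    (66.0, "10.0.0.3", "/search", 900), (70.0, "10.0.0.1", "/news", 700),
]

def sessionize(requests, gap=SESSION_GAP):
    """Split each source's requests into sessions on idle gaps > gap."""
    by_src = defaultdict(list)
    for req in sorted(requests):
        by_src[req[1]].append(req)
    sessions = []
    for reqs in by_src.values():
        current = [reqs[0]]
        for req in reqs[1:]:
            if req[0] - current[-1][0] > gap:
                sessions.append(current)
                current = []
            current.append(req)
        sessions.append(current)
    return sorted(sessions, key=lambda s: s[0][0])  # ascending begin time

def kmeans_1d(values, k, iters=20):
    """Lloyd's k-means on session begin times; returns one label per value."""
    vs = sorted(values)
    centers = [vs[(2 * i + 1) * len(vs) // (2 * k)] for i in range(k)]
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: abs(v - centers[c])) for v in values]
        for c in range(k):
            members = [v for v, lab in zip(values, labels) if lab == c]
            if members:
                centers[c] = sum(members) / len(members)
    return labels

def time_interval(sessions, k):
    """ti: mean over clusters of max(end) - min(begin) (section 3.1)."""
    labels = kmeans_1d([s[0][0] for s in sessions], k)
    durations = []
    for c in set(labels):
        members = [s for s, lab in zip(sessions, labels) if lab == c]
        durations.append(max(s[-1][0] for s in members)
                         - min(s[0][0] for s in members))
    return sum(durations) / len(durations)

def interval_records(sessions, ti):
    """One record per non-empty interval of length ti: ms, pac, mti, dfs, mbc."""
    rows = sorted((t, src, nbytes, sid)
                  for sid, sess in enumerate(sessions)
                  for (t, src, _page, nbytes) in sess)
    t0 = rows[0][0]
    bins = defaultdict(list)
    for row in rows:
        bins[int((row[0] - t0) // ti)].append(row)
    seen, records = set(), []
    for idx in sorted(bins):
        reqs = bins[idx]
        times = [r[0] for r in reqs]
        gaps = {b - a for a, b in zip(times, times[1:])}  # unique time gaps
        sources = {r[1] for r in reqs}
        records.append({
            "interval": idx,
            "ms": len({r[3] for r in reqs}),                   # sessions seen
            "pac": len(reqs),                                  # pages requested
            "mti": sum(gaps) / len(gaps) if gaps else 0.0,     # mean unique gap
            "dfs": len(sources) / len(seen) if seen else 0.0,  # observed/earlier
            "mbc": sum(r[2] for r in reqs) / ti,               # bytes per second
        })
        seen |= sources
    return records

def build_records(requests, k=2):
    """Full pipeline: sessions -> time interval -> per-interval records."""
    sessions = sessionize(requests)
    ti = time_interval(sessions, k)
    return ti, interval_records(sessions, ti)

if __name__ == "__main__":
    ti, records = build_records(REQUESTS)
    print("time interval:", ti)
    for rec in records:
        print(rec)
```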

4. Bio-inspired based Application layer DDoS attack detection

The development of novel problem solving techniques has been made possible by inspiration from nature, that is, through the bio-inspired approach. Intelligent meta-heuristic algorithms are applied in a wide area and are used in solving difficult problems. Among all the meta-heuristic algorithms, the bio-inspired solving techniques are progressively gaining importance because they are very intelligent and are adaptable in a way similar to biological organisms. These algorithms draw attention from the scientific community owing to the growth in complicated problems, the growth in the variety of possible results in multi-dimensional hyperplanes, and the inadequate content available for decision making [18].

4.1 Firefly Approach

Various studies have been made on the firefly algorithm to provide novel problem solving approaches. Most of the papers [19] show that the firefly algorithm is used for clustering by finding the global optima. Applications of the firefly algorithm have been observed for solving problems with multi-modal functions, continuous and discrete search based problems, multi search problems, parallel computational problems and NP hard problems. In the proposed approach the firefly algorithm is used to classify the attack traffic and the normal traffic.

4.2 Nature of Fireflies

In the summer sky, the flashing light of fireflies is an incredible sight in the tropical and temperate regions. Most fireflies produce short and swinging flashes. The pattern of flashes is commonly distinctive for a specific species. The flashing light is made by a process of luminescence, and the true functions of such signaling are still debated. Drawing in pairing partners for communication and drawing in potential prey are two elementary functions of the flashing light [20].

4.3 Classification using firefly algorithm

An initial population of fireflies is generated. After this initialization, the parameters needed for fitness are modified, and subsequently the fitness is evaluated for each firefly in the population. The fireflies may then be ranked, and the best individuals of a solution may be taken forward to the next round of evaluation. Deciding the number of computations in advance helps in controlling the iterations.

Firefly Algorithm for classification.

Step 1: Generate initial population of fireflies $X_i$, where $i = 1, 2, 3, \ldots, n$, n = number of fireflies
Step 2: Define Objective function O(x)
Step 3: Define Light Absorption coefficient $\gamma = 1$, Randomization parameter $\alpha = 0.2$, Initial Attractiveness $\beta_0 = 1.0$
Step 4: Define Light intensity I is determined by O(x)
Step 5: while t < Number of Iterations
Step 6:   For i = 1 to N
Step 7:     For j = 1 to N
Step 8:       If ($I_i < I_j$)
Step 9:         If (cosine similarity(i, j) >= 0.98)
Step 10:          For each attribute
Step 11:            Calculate Cartesian Distance as $r_{ij} = (X_i - X_j)^2$
Step 12:            Calculate Attractiveness using equation $\beta = \beta_0 \exp(-\gamma r_{ij}^2)$
Step 13:            Move document i to j using equations $X_i = X_i + \beta (X_j - X_i) + \alpha \varepsilon_i$ where $\varepsilon_i = (rand - \frac{1}{2})$
Step 14:    End for j
Step 15:  End for i
Step 16: End while
Step 17: Rank the fireflies and find the current best.

4.4 Application layer DDoS Attack Detection

The testing dataset has to be preprocessed by using the dataset preprocessing process. Prepare the dataset with five attributes, as in the dataset preparation. Calculate the total weight (light intensity) of each testing record individually. Calculate the cosine similarity of the testing record with both the normal and attack signatures, and declare whether the testing record is attack or normal by using the rules shown in Table 1.

5. Experimental Results

5.1 CAIDA Dataset

The proposed technique is tested against the CAIDA (Center for Applied Internet Data Analysis) dataset 2007. The core objectives of this dataset are the collection and sharing of data for research or scientific analysis of internet traffic, topology, routing, performance and security related events. The dataset contains parameters such as server IP address, timestamp, time zone, object ID/URL of the web page, response code/status and number of bytes sent [22].

5.2 Training & Testing Process

The total number of transactions considered for the experiments was 142044, which includes N (normal, 62776) and D (DDoS attack, 79268). The total transactions are partitioned for training and testing into 60% (85226) and 40% (56818) respectively. Each metric is calculated on the dataset DS, which includes N (normal) as DSN and D (DDoS attack) as DSD, and its detection accuracy is assessed. The number of intervals is 267. The number of intervals in the normal dataset DSN is 118, in which 60% of transactions, i.e. 72, are considered for the training process and 40% of transactions, i.e. 46, for the testing process. The total number of intervals in the attack dataset DSD is 149, in which 60% of transactions, i.e. 90, are considered for the training process and 40% of transactions, i.e. 59, for the testing process, as shown in Table 2.

Table 1: Rules defined for attack and normal traffic detection

Rule | Description | Condition | Result
Rule 1 | Weight of the testing time interval is less than the normal classifier weight and greater than the attack weight | A(w) < T(w) N(w) | Normal
Rule 2 | Similarity of testing record with the normal classifier is more than 98 percent | similarity(test,normal) 98% | Normal
Rule 2 | Similarity of testing record with the attack classifier is more than 98 percent | similarity(test,attack) 98% | Attack
Rule 3 | Similarity of testing record with normal classifier is more than the similarity of testing record with attack classifier | similarity(test,normal) > similarity(test,attack) | Normal
Rule 4 | All the above conditions are failed | | Suspicious

The training dataset of DSN is formed into sessions that are of either random or same timings. Then the k-means algorithm is applied on the normal training set to prepare clusters. The clusters are grouped to find the time interval value as explained in the machine learning metrics. The sessions are then divided with respect to the absolute time interval value.

Each time interval is considered as one record that contains the values of the attributes defined in the metrics. The records are then given to the firefly algorithm to generate a single normal signature. The same process is repeated for the attack training dataset to generate the attack signature. The testing dataset is a mixture of both normal and attack traffic. All the attributes are calculated for each interval. The cosine similarity of each testing time interval is calculated with both the attack and normal signatures, and finally the testing time interval is classified according to the proposed rules.
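Signature training with the firefly steps of section 4.3 followed by the Table 1 rules, as an added example that is not the authors' code. Assumptions: records are constructed and already scaled to [0, 1] in the order (ms, pac, mti, dfs, mbc); the objective O(x) is the attribute sum; the distance is the Euclidean distance over all attributes with a single attractiveness value, as in the standard firefly algorithm; Rule 1 uses strict comparisons and Rule 2 uses the >= 0.98 gate of Step 9.

```python
import math
import random

GAMMA, ALPHA, BETA0 = 1.0, 0.2, 1.0  # Step 3 parameters from the paper
SIM_GATE = 0.98                      # Step 9 / Rule 2 similarity threshold

# Constructed training intervals, scaled to [0, 1]: (ms, pac, mti, dfs, mbc)
NORMAL_TRAIN = [[0.2, 0.2, 0.8, 0.5, 0.2],
                [0.3, 0.2, 0.9, 0.5, 0.2],
                [0.2, 0.3, 0.8, 0.4, 0.3]]
ATTACK_TRAIN = [[0.9, 0.9, 0.1, 0.1, 0.8],
                [0.8, 1.0, 0.1, 0.2, 0.9],
                [0.9, 0.8, 0.2, 0.1, 0.9]]
# Constructed testing intervals, one per rule outcome below
TEST_INTERVALS = [[0.25, 0.2, 0.85, 0.5, 0.2],
                  [0.85, 0.95, 0.1, 0.15, 0.9],
                  [0.4, 0.3, 0.6, 0.6, 0.1],
                  [0.7, 0.6, 0.4, 0.3, 0.5]]

def weight(x):
    """Light intensity I = O(x); assumed here to be the attribute sum."""
    return sum(x)

def cosine(a, b):
    """Cosine similarity of two attribute vectors (0.0 for a zero vector)."""
    dot = sum(p * q for p, q in zip(a, b))
    norm = math.sqrt(sum(p * p for p in a)) * math.sqrt(sum(q * q for q in b))
    return dot / norm if norm else 0.0

def firefly_signature(records, iterations=20, alpha=ALPHA, seed=0):
    """Steps 1-17: dimmer fireflies move toward brighter, similar ones;
    the brightest firefly after the last iteration is the class signature."""
    rng = random.Random(seed)
    pop = [list(r) for r in records]
    for _ in range(iterations):
        for i in range(len(pop)):
            for j in range(len(pop)):
                if (weight(pop[i]) < weight(pop[j])
                        and cosine(pop[i], pop[j]) >= SIM_GATE):
                    r2 = sum((a - b) ** 2 for a, b in zip(pop[i], pop[j]))
                    beta = BETA0 * math.exp(-GAMMA * r2)
                    # Step 13: attraction plus random walk, per attribute
                    pop[i] = [a + beta * (b - a) + alpha * (rng.random() - 0.5)
                              for a, b in zip(pop[i], pop[j])]
    return max(pop, key=weight)

def classify(test, normal_sig, attack_sig):
    """Table 1 rules checked in order; returns (label, rule number)."""
    t_w, n_w, a_w = weight(test), weight(normal_sig), weight(attack_sig)
    sim_n, sim_a = cosine(test, normal_sig), cosine(test, attack_sig)
    if a_w < t_w < n_w:        # Rule 1: weight between the two signatures
        return ("normal", 1)
    if sim_n >= SIM_GATE:      # Rule 2, normal classifier
        return ("normal", 2)
    if sim_a >= SIM_GATE:      # Rule 2, attack classifier
        return ("attack", 2)
    if sim_n > sim_a:          # Rule 3: closer to normal than to attack
        return ("normal", 3)
    return ("suspicious", 4)   # Rule 4: nothing matched

def run_demo(alpha=ALPHA):
    """Train both signatures, then classify every constructed test interval."""
    normal_sig = firefly_signature(NORMAL_TRAIN, alpha=alpha)
    attack_sig = firefly_signature(ATTACK_TRAIN, alpha=alpha)
    return [classify(t, normal_sig, attack_sig) for t in TEST_INTERVALS]

if __name__ == "__main__":
    # alpha=0.0 switches off the random walk so the output is reproducible
    for interval, verdict in zip(TEST_INTERVALS, run_demo(alpha=0.0)):
        print(interval, "->", verdict)
```

With this sample the attack signature outweighs the normal one, so Rule 1 cannot fire and every verdict comes from Rules 2 to 4.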

5.3 Performance evaluation

The performance of the proposed approach is evaluated and the results are shown in Table 3. K. Munivara Prasad proposed ARTP [16] for detecting application layer DDoS attacks by using a machine learning approach. V Jyothsna, Prasad VV proposed FAIS [23] and FCAAIS [24] for detecting DDoS attacks. The experiments in the above papers were conducted on the same dataset, and the results indicate that these models are also scalable and robust in forecasting the DDoS attack scope of a network transaction (observed detection accuracy is approx. 91%), but the major obstacle observed in these models, compared to the proposed model, is process complexity, which influences the statistical metrics defined for measuring the performance. As per these results, the accuracy of our proposed model improved when compared to FCAAIS and ARTP, and it also attained the maximum prediction accuracy, as shown in Table 3 and Figure 1.

6. Conclusion

An approach for detecting application layer HTTP flood attacks is devised in this article. To this end we adopted a bio-inspired approach called the Firefly algorithm. The initial contribution is to define feature metrics that identify whether the behavior of a request stream has attack intent or not. Unlike traditional approaches, the feature metrics were assessed on the stream of requests observed in an absolute time interval rather than in a session. Finally, the Firefly algorithm is used to train and test the records.

Table 2: Performance metrics evaluation

Metric | Definition | Value
Total number of records considered for training and testing | | 142044
Total number of intervals considered for training and testing | | 267
Number of intervals used for training (Normal + Attack) | | 162 (72+90)
Number of intervals used for testing (Normal + Attack) | | 105 (46+59)
True Positive (tp) | The number of transactions identified as intruded, which are actually intruded | 57
False Positive (fp) | The number of transactions identified as normal, which are actually intruded | 2
True Negative (tn) | The number of transactions identified as normal, which are actually normal | 43
False Negative (fn) | The number of transactions identified as intruded, which are actually normal | 3
Precision | tp / (tp + fp) | 0.966
Recall/sensitivity | tp / (tp + fn) | 0.95
Specificity | tn / (tn + fp) | 0.955
Accuracy | (tn + tp) / (tp + tn + fp + fn) | 0.9523
F-Measure | 2 * (recall * precision) / (recall + precision) | 0.9578

The devised Firefly algorithm amplified the detection accuracy with minimal process complexity. The experiments were done using the benchmark dataset CAIDA (Center for Applied Internet Data Analysis, 2014). Further, the training records with machine learning attributes are used to define the classifiers that detect the traffic as Normal or Attack. The overall process is observed to be robust and to have minimal process complexity. Hence the model devised in this paper significantly minimizes the computational overhead and retains the maximal prediction accuracy.

Table 3. Comparison of the firefly approach with ARTP and Others

Metric | Firefly algorithm | ARTP | FCAAIS
Precision | 0.966 | 0.895 | 0.869
Recall | 0.95 | 0.985 | 0.942
Specificity | 0.955 | 0.914 | 0.894
Accuracy | 0.9523 | 0.944 | 0.917
F-measure | 0.9578 | 0.938 | 0.855

Figure 1. Comparison of Firefly with ARTP and FCAAIS

References

1. Udhayan, J., & Anitha, R., “Demystifying and Rate Limiting ICMP hosted DoS/DDOS Flooding Attacks with Attack Productivity Analysis”, IEEE International Conference on Advance Computing, pp. 558-564, 2009.

2. Chun-Tao Xia, X.-H. D.-F.-C., “An Algorithm of Detecting and Defending CC Attack in Real Time”, International Conference on Industrial Control and Electronics Engineering, pp. 1804-1806, 2012.

3. Lee, S. M., “Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures”, Proceedings of the International Workshop on Security in Parallel and Distributed Systems, pp. 543-550, San Francisco, 2004.

4. Raj Kumar, Manisha Jitendra Nene, “A survey on latest DoS attacks: classification and defense mechanisms”, International Journal of Innovative Research in Computer and Communication Engineering, vol. 1, Issue 8, October 2013.

5. Yadong Wang, Lianzhong Liu et al., “A survey of defense mechanisms against Application layer distributed denial of service (DDoS) attacks”, Communications Surveys & Tutorials, IEEE, 2015.

6. Saman Taghavi Zargar, James Joshi, David Tipper, “A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks”, IEEE Communications Surveys & Tutorials, accepted for publication, 2013.

7. S. Umarani, D. Sharmila, “Predicting Application Layer DDoS Attacks Using Machine Learning Algorithms”, World Academy of Science, Engineering and Technology, International Journal of Computer, Electrical, Automation, Control and Information Engineering, Vol. 8, No. 10, 2014.

8. Fadir Salmen, Paulo R. Galego Hernandes Jr et al., “Using Firefly and Genetic Metaheuristics for Anomaly Detection based on Network Flows”, AICT: The Eleventh Advanced International Conference on Telecommunications, 2015.

9. S. Yu, S. Guo, and I. Stojmenovic, “Fool me if you can: Mimicking attacks and anti-attacks in cyberspace”, IEEE Trans. Comput., vol. 64, no. 1, pp. 139-151, Jan. 2015.

10. D. Shona, Dr. M. Senthilkumar, “An Ensemble Data Preprocessing Approach for Intrusion Detection System Using variant Firefly and Bk-NN Techniques”, International Journal of Applied Engineering Research, ISSN 0973-4562, Volume 11, Number 6, pp. 4161-4166, 2016.

11. J. Senthilnath, S. N. Omkar, V. Mani, “Clustering using firefly algorithm: performance study”, Elsevier, Swarm and Evolutionary Computation 1, 164-171, 2011.

12. Satyajit Yadav, Selvakumar Subramanian, “Detection of Application Layer DDoS Attack by Feature Learning Using Stacked Autoencoder”, IEEE, International Conference on Computational Techniques in Information and Communication Technologies (ICCTICT), 2016.

13. Mikhail Zolotukhin, Timo Hamalainen et al., “Increasing Web Service Availability by Detecting Application-Layer DDoS Attacks in Encrypted Traffic”, IEEE, 23rd International Conference on Telecommunications (ICT), 2016.

14. Wen, S., Jia, W., Zhou, W., Zhou, W., & Xu, C., “Cald: Surviving various application-layer ddos attacks that mimic flash crowd”, Network and System Security (NSS), 2010 4th International Conference on, IEEE, 2010.

15. Ye, Chengxu, Kesong Zheng, and Chuyu She, “Application layer DDoS detection using clustering analysis”, Computer Science and Network Technology (ICCSNT), 2012 2nd International Conference on, IEEE, 2012.

16. K. Munivara Prasad, A. Rama Mohan Reddy, K. Venugopal Rao, “Anomaly based Real Time Prevention of under Rated App-DDoS Attacks on Web: An Experiential Metrics based Machine Learning Metrics”, Indian Journal of Science and Technology, Vol 9(27), DOI: 10.17485/ijst/2016/v9i27/87872, July 2016.

17. Hartigan, J. A., “Algorithm AS 136: A k-means clustering algorithm”, Journal of the Royal Statistical Society, Series C (Applied Statistics), 100-108, 1979.

18. Arpan Kumar Kar, “Bio Inspired Computing – A Review of Algorithms and Scope of Applications”, Expert Systems With Applications (2016), doi: 10.1016/j.eswa.2016.04.018.

19. Athraa Jasim Mohammed, Yuhanis Yusof et al., “Determining Number of Clusters using Firefly Algorithm with Cluster Merging for Text Clustering”, Springer International Publishing Switzerland, 2015.

20. Xin-She Yang, “Firefly Algorithms for Multimodal Optimization”, Springer-Verlag Berlin Heidelberg, 2009.

21. W. H. Gomaa, “A Survey of Text Similarity Approaches”, International Journal of Computer Applications, vol. 68, no. 13, pp. 13–18, 2013.

22. The CAIDA UCSD "DDoS Attack 2007" Dataset, http://www.caida.org/data/passive/ddos-20070804_dataset.xml

23. V. Jyothsna, V V Rama Prasad, “Anomaly based Network Intrusion Detection through assessing Feature Association Impact Scale (FAIS)”, Inderscience, International Journal of Information and Computer Security (IJICS), 2016 (*in forthcoming article).

24. V. Jyothsna, V V Rama Prasad, “FCAAIS: Anomaly based network intrusion detection through feature correlation analysis and association impact scale”, ICT Express, The Korean Institute of Communications Information Sciences, Elsevier, August 2016 (Article in press).
