{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,6]],"date-time":"2026-01-06T13:49:02Z","timestamp":1767707342995,"version":"build-2065373602"},"reference-count":22,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2019,11,26]],"date-time":"2019-11-26T00:00:00Z","timestamp":1574726400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>A denial of service (DoS) attack in a computer network is an attack on the availability of computer resources to prevent users from having access to those resources over the network. Denial of service attacks can be costly, capable of reaching $100,000 per hour. Development of easily-accessible, simple DoS tools has increased the frequency and reduced the level of expertise needed to launch an attack. Though these attack tools have been available for years, there has been no proposed defense mechanism targeted specifically at them. Most defense mechanisms in literature are designed to defend attacks captured in datasets like the KDD Cup 99 dataset from 20 years ago and from tools no longer in use in modern attacks. In this paper, we capture and analyze traffic generated by some of these DoS attack tools using Wireshark Network Analyzer and propose a signature-based DoS detection mechanism based on SVM classifier to defend against attacks launched by these attack tools. Our proposed detection mechanism was tested with Snort IDS and compared with some already existing defense mechanisms in literature and had a high detection accuracy, low positive rate and fast detection time.<\/jats:p>","DOI":"10.3390\/computers8040085","type":"journal-article","created":{"date-parts":[[2019,11,26]],"date-time":"2019-11-26T10:57:27Z","timestamp":1574765847000},"page":"85","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["A Proposed DoS Detection Scheme for Mitigating DoS Attack Using Data Mining Techniques"],"prefix":"10.3390","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2830-8288","authenticated-orcid":false,"given":"Kotey Seth","family":"Djanie","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, Kwame Nkrumah University of Science and Technology, Kumasi AK000-AK911, Ghana"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3242-9747","authenticated-orcid":false,"given":"Tchao Eric","family":"Tutu","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Kwame Nkrumah University of Science and Technology, Kumasi AK000-AK911, Ghana"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gadze James","family":"Dzisi","sequence":"additional","affiliation":[{"name":"Department of Telecommunications Engineering, Kwame Nkrumah University of Science and Technology, Kumasi AK000-AK911, Ghana"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2019,11,26]]},"reference":[{"key":"ref_1","first-page":"287","article-title":"Forensics of Random-UDP Flooding Attacks","volume":"10","author":"Bijalwan","year":"2015","journal-title":"J. Netw."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Kolahi, S., Treseangrat, K., and Sarrafpour, B. (2015, January 17\u201319). Analysis of UDP DDoS flood cyber attack and defense mechanisms on Web Server with Linux Ubuntu 13. Proceedings of the 2015 International Conference on Communications, Signal Processing, and their Applications (ICCSPA\u201915), Sharjah, UAE.","DOI":"10.1109\/ICCSPA.2015.7081286"},{"key":"ref_3","unstructured":"(2019, August 20). Miniwatts Marketing Group INTERNET USAGE STATISTICS. Available online: https:\/\/internetworldstats.com\/stats.htm."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Kolahi, S., Alghalbi, A.A., Alotaibi, A.F., Ahmed, S.S., and Lad, D. (2014, January 6\u20138). Performance comparison of defense mechanisms against TCP SYN flood DDoS attack. Proceedings of the 2014 6th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT), St. Petersburg, Russia.","DOI":"10.1109\/ICUMT.2014.7002093"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Dua, S., and Du, X. (2016). Data Mining and Machine Learning in Cybersecurity, Auerbach Publications. [1st ed.].","DOI":"10.1201\/b10867"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Grance, T., Kent, K., and Kim, B. (2004). Computer Security Incident Handling Guide.","DOI":"10.6028\/NIST.SP.800-61"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"13","DOI":"10.3103\/S0146411616060043","article-title":"An Approach for Detecting and Preventing DDoS Attacks in Campus","volume":"51","author":"Merouane","year":"2017","journal-title":"Autom. Control Comput. Sci."},{"key":"ref_8","unstructured":"Amazon Web Services (2016). AWS Best Practices for DDoS Resiliency, Amazon Web Services."},{"key":"ref_9","unstructured":"(2019, August 20). Newman, Lily Hay, GitHub Survived the Biggest DDoS Attack Ever Recorded. Available online: https:\/\/www.wired.com\/story\/github-ddos-memcached."},{"key":"ref_10","unstructured":"(2019, August 20). Morales, Carlos, NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us. Available online: https:\/\/www.netscout.com\/blog\/asert\/netscout-arbor-confirms-17-tbps-ddos-attack-terabit-attack-era."},{"key":"ref_11","unstructured":"Matthews, T. (2014). Incapsula Survey: What DDoS Attacks Really Cost Businesses, News Coverage, Awards and Press Releases."},{"key":"ref_12","unstructured":"Imperva Inc (2019, August 20). DDoS Attack Scripts. Available online: https:\/\/www.imperva.com\/learn\/application-security\/ddos-attack-scripts\/."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Kotey, S., Tchao, E., and Gadze, J. (2019). On Distributed Denial of Service Current Defense Schemes. Technologies, 7.","DOI":"10.3390\/technologies7010019"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"537","DOI":"10.1093\/comjnl\/bxt031","article-title":"Detecting Distributed Denial of Service Attacks: Methods, Tools and Future Directions","volume":"4","author":"Bhuyan","year":"2014","journal-title":"Comput. J."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Bukac, V., and Matyas, V. (2015, January 3\u20137). Analyzing Traffic Features of Common Standalone DoS Attack Tools. Proceedings of the 5th International Conference on Security, Privacy, and Applied Cryptography Engineering, Jaipur, India.","DOI":"10.1007\/978-3-319-24126-5_2"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Mahadev, V.K., and Kumar, K. (October, January 30). Classification of DDoS attack tools and its handling techniques and strategy at application layer. Proceedings of the 2016 2nd International Conference on Advances in Computing, Communication, Automation (ICACCA) (Fall), Bareilly, India.","DOI":"10.1109\/ICACCAF.2016.7749002"},{"key":"ref_17","first-page":"383","article-title":"Characterization and Comparison of DDoS Attack Tools and Traffic Generators\u2014A Review","volume":"19","author":"Behal","year":"2017","journal-title":"Int. J. Netw. Secur."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Yusof, M.A.M., Ali, F.H.M., and Darus, M.Y. (2018). Detection and Defense Algorithms of Different Types of DDoS Attacks Using Machine Learning. Comput. Sci. Technol., 370\u2013379.","DOI":"10.1007\/978-981-10-8276-4_35"},{"key":"ref_19","first-page":"37","article-title":"Effective approach toward Intrusion Detection System using data mining techniques","volume":"15","author":"Nadiammai","year":"2013","journal-title":"Egypt. Inf. J."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Li, C., Yang, Z., Li, F., and Yang, Y. (2015, January 6\u201310). A Lightweight DDoS Flooding Attack Detection Algorithm Based on Synchronous Long Flows. Proceedings of the IEEE Global Communications Conference (GLOBECOM), San Diego, CA, USA.","DOI":"10.1109\/GLOCOM.2015.7417159"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Pramana, M., Purwanto, Y., and Suratman, F. (2016, January 13\u201315). DDoS detection using modified K-means clustering with chain initialization over landmark window. Proceedings of the International Conference on Control, Electronics, Renewable Energy and Communications (ICCEREC), Bandung, Indonesia.","DOI":"10.1109\/ICCEREC.2015.7337056"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Yadav, S., and Selvakumar, S. (2015, January 2\u20134). Detection of application layer DDoS attack by modeling user behavior using logistic regression. Proceedings of the 4th International Conference on Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), Noida, India.","DOI":"10.1109\/ICRITO.2015.7359289"}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/8\/4\/85\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T13:37:42Z","timestamp":1760189862000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/8\/4\/85"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11,26]]},"references-count":22,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2019,12]]}},"alternative-id":["computers8040085"],"URL":"https:\/\/doi.org\/10.3390\/computers8040085","relation":{},"ISSN":["2073-431X"],"issn-type":[{"type":"electronic","value":"2073-431X"}],"subject":[],"published":{"date-parts":[[2019,11,26]]}}}