International Research Journal of Engineering and Technology (IRJET), e-ISSN: 2395-0056, p-ISSN: 2395-0072
Volume: 02 Issue: 03 | June-2015, www.irjet.net
© 2015, IRJET.NET - All Rights Reserved

Layered architecture for DoS attack detection system by combine approach of Naive bayes and Improved K-means Clustering Algorithm

Mangesh Salunke 1, Ruhi Kabra 2, Ashish Kumar 3
1 PG Student, Computer Eng, GHRCEM, SPPU, Maharashtra, INDIA
2 Asst Professor, Computer Eng, GHRCEM, SPPU, Maharashtra, INDIA
3 Asst Professor, Computer Eng, GHRCEM, SPPU, Maharashtra, INDIA

Abstract - The aim of a DoS attack is to consume the resources of a victim or the resources on the path used to communicate with a victim. By wasting the victim's resources, the attacker prevents it from serving legitimate customers. A victim can be a host, server, router, or any computing entity connected to the network. A DoS attack can cause harm to these computers and network services. Therefore, effective detection of DoS attacks is essential to the protection of the network and its resources. The detection system is built using a layered framework approach for effective attack detection. The proposed system creates its own dataset by analyzing incoming packets in real time, in comparison with previous systems that use the Knowledge Discovery & Data Mining (KDD) 1999 dataset, and classifies DoS attacks such as SYN Flood, Ping Flood and UDP Flood.

Key Words: Network Security; DoS Attack; DoS detection system; Naïve Bayes; K-means clustering; Real time IDS

1. INTRODUCTION

An attack is a violation of the security policy of a system. There are two types of attack: an active attack, in which the contents of the original message are modified by the attacker, and a passive attack, in which the attacker only aims to obtain the information in transit.
Attacks can be classified as below:

Network based attack: These attacks are launched from a device other than the one under attack. The attacker uses one or more devices to overload the server with so much traffic that the server cannot respond to authorized users' requests.

Host based attack: Attackers exploit vulnerabilities of the system and its applications to launch the DoS attack. These attacks are application specific, i.e., they exploit algorithms, memory structures, authentication protocols etc., which makes them different from network based attacks. The traffic of host based attacks may not be as high as that of network based attacks, because application flaws and deficiencies can easily crash applications or consume a tremendous amount of computer resources.

1.1 Security goals

-Confidentiality: Hiding transmitted data from unauthorized users.
-Integrity: Preventing transmitted data from unauthorized modification.
-Availability: Ensuring that the data or system is always available to authorized users [1].

Fig. 1: Goals of security and threats

1.2 DoS Attack

DoS stands for Denial of Service. As the name suggests, the attacker prevents or denies service to the authorized user: the attacker prevents the system or its resources from being used by authorized users. The main goal of a DoS attack is to disturb the activity of an authorized user who may be accessing a server or other resources, browsing web pages, accessing social networking sites etc. A DoS attack can be performed in two ways: in one, the attacker crashes the services; in the other, the attacker sends a vast amount of traffic to consume the resources. In both cases all of the target's critical resources are busy handling the attack traffic, and therefore they are unavailable to authorized users [2].

Aims of a DoS attack are:

-Consuming the bandwidth by sending large volume traffic.
-Consuming limited available resources by sending specific types of packets.
-Flooding packets to crash or overload the network
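
The abstract proposes classifying traffic observed in real time as SYN Flood, Ping Flood or UDP Flood. The following is an added illustration of the Naive Bayes part of that idea, not the authors' code: a Gaussian Naive Bayes classifier over per-window packet counts. The feature set, the one-second window, the class names and all sample values are assumptions constructed for this example; the improved K-means stage of the paper is not shown.

```python
import math
from collections import defaultdict

# Assumed features per one-second window (not taken from the paper):
# (TCP SYN packets, ICMP echo requests, UDP packets).
# Constructed training windows, not captured traffic.
TRAIN = [
    ((12, 1, 30), "normal"), ((8, 0, 25), "normal"), ((15, 2, 40), "normal"),
    ((900, 1, 28), "syn_flood"), ((1200, 0, 35), "syn_flood"),
    ((1050, 2, 22), "syn_flood"),
    ((10, 800, 30), "ping_flood"), ((14, 950, 26), "ping_flood"),
    ((9, 1100, 33), "ping_flood"),
    ((11, 1, 1500), "udp_flood"), ((13, 0, 1800), "udp_flood"),
    ((7, 2, 2100), "udp_flood"),
]

def fit(samples, var_floor=1.0):
    """Estimate the prior and the per-feature mean and variance of each class."""
    by_class = defaultdict(list)
    for x, label in samples:
        by_class[label].append(x)
    model = {}
    for label, rows in by_class.items():
        n = len(rows)
        means = [sum(col) / n for col in zip(*rows)]
        # The floor stops a near-constant feature from yielding zero variance.
        varis = [max(sum((v - m) ** 2 for v in col) / n, var_floor)
                 for col, m in zip(zip(*rows), means)]
        model[label] = (n / len(samples), means, varis)
    return model

def log_posteriors(model, x):
    """Unnormalised log P(class | x), treating features as independent."""
    scores = {}
    for label, (prior, means, varis) in model.items():
        s = math.log(prior)
        for v, m, var in zip(x, means, varis):
            s += -0.5 * math.log(2 * math.pi * var) - (v - m) ** 2 / (2 * var)
        scores[label] = s
    return scores

def classify(model, x):
    """Return the class with the highest log posterior for window x."""
    scores = log_posteriors(model, x)
    return max(scores, key=scores.get)

MODEL = fit(TRAIN)
```

Working in log space avoids floating-point underflow when a window lies far from a class mean, which is the common case during a flood.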