An Enhanced Entropy Approach to Detect and Prevent DDoS in Cloud Environment

Distributed Denial of Service (DDoS) attack launched in Cloud computing environment resulted in loss of sensitive information, Data corruption and even rarely lead to service shutdown. Entropy based DDoS mitigation approach analyzes the heuristic data and acts dynamically according to the traffic behavior to effectively segregate the characteristics of incoming traffic. Heuristic data helps in detecting the traffic condition to mitigate the flooding attack. Then, the traffic data is analyzed to distinguish legitimate and attack characteristics. An additional Trust mechanism has been deployed to differentiate legitimate and aggressive legitimate users. Hence, Goodput of Datacenter has been improved by detecting and mitigating the incoming traffic threats at each stage. Simulation results proved that the Enhanced Entropy approach behaves better at DDoS attack prone zones. Profit analysis also proved that the proposed mechanism is deployable at Datacenter for attack mitigation and resource protection which eventually results in beneficial service at slenderized revenue

[1]  Suratose Tritilanunt,et al.  Entropy-based input-output traffic mode detection scheme for DoS/DDoS attacks , 2010, 2010 10th International Symposium on Communications and Information Technologies.

[2]  P. Varalakshmi,et al.  Thwarting DDoS attacks in grid using information divergence , 2013, Future Gener. Comput. Syst..

[3]  Jin Wang,et al.  A new relative entropy based app-DDoS detection method , 2010, The IEEE symposium on Computers and Communications.

[4]  N. Jeyanthi,et al.  An Entropy Based Approach to Detect and Distinguish DDoS Attacks from Flash Crowds in VoIP Networks , 2012, Int. J. Netw. Secur..

[5]  Wanlei Zhou,et al.  Information theory based detection against network behavior mimicking DDoS attacks , 2008, IEEE Communications Letters.

[6]  Ramiro Liscano,et al.  Simulation of DDOS Attacks on P2P Networks , 2011, 2011 IEEE International Conference on High Performance Computing and Communications.

[7]  Taieb Znati,et al.  Detecting Application Denial-of-Service Attacks: A Group-Testing-Based Approach , 2010, IEEE Transactions on Parallel and Distributed Systems.

[8]  Balachander Krishnamurthy,et al.  Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites , 2002, WWW.

[9]  Akihiro Nakao,et al.  OverCourt: DDoS mitigation through credit-based traffic segregation and path migration , 2010, Comput. Commun..

[10]  Dinesh Kumar,et al.  Improving Network Performance and mitigate DDoS attacks using Analytical Approach under Collaborative Software as a Service (SaaS) Cloud Computing Environment , 2011 .

[11]  Wei Xiong,et al.  A Novel Distributed Detection Scheme against DDoS Attack , 2009, J. Networks.

[12]  Chun-Ying Huang,et al.  A fuzzy pattern-based filtering algorithm for botnet detection , 2011, Comput. Networks.

[13]  N. Jeyanthi,et al.  MAC Based Routing Table Approach to Detect and Prevent DDoS Attacks and Flash Crowds in VoIP Networks , 2011 .

[14]  Dinesh Kumar,et al.  A Reactive Defense Mechanism based on an Analytical Approach to Mitigate DDoS Attacks and Improve Network Performance , 2011 .

[15]  R. Anitha,et al.  Mitigation of Application Traffic DDoS Attacks with Trust and AM Based HMM Models . , 2010 .

[16]  Sushil Jajodia,et al.  Detecting VoIP Floods Using the Hellinger Distance , 2008, IEEE Transactions on Parallel and Distributed Systems.

[17]  Rakesh Kumar Jha,et al.  A performance Comparison with cost for QoS Application in On-Demand Cloud Computing , 2011, 2011 IEEE Recent Advances in Intelligent Computational Systems.

[18]  Chi Zhou,et al.  Sketch-Based SIP Flooding Detection Using Hellinger Distance , 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[19]  Ke Lu,et al.  An Entropy-based Method for Attack Detection in Large Scale Network , 2012, Int. J. Comput. Commun. Control.

[20]  Upena D Dalal,et al.  On demand cloud computing performance analysis with low cost for QoS application , 2011, 2011 International Conference on Multimedia, Signal Processing and Communication Technologies.

[21]  Ilkyeun Ra,et al.  An efficient and reliable DDoS attack detection using a fast entropy computation method , 2009, 2009 9th International Symposium on Communications and Information Technology.

[22]  N. Jeyanthi,et al.  Packet Resonance Strategy: A Spoof Attack Detection and Prevention Mechanism in Cloud Computing Environment , 2012, Int. J. Commun. Networks Inf. Secur..

[23]  Hemant Sengar,et al.  Overloading vulnerability of VoIP networks , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.