An advanced entropy-based DDOS detection scheme

Prior work has shown that entropy-based DDOS detection is suitable for detecting low-rate DOS. A key challenge in this approach is determining the most suitable threshold for detecting DDOS attacks accurately. To address this challenge, we propose an advanced entropy-based (AEB) scheme, which divides variable rate DDOS attacks into different fields and treats each field with different methods. Compared with prior entropy-based approaches, our scheme performs significantly better at distinguishing waves of legal traffic and flash crowds from low-rate DOS. We validate the effectiveness of our scheme by conducting extensive simulations in NS-2. Both theoretical analysis and experimental results show that our scheme can efficiently detect DDOS attacks with high accuracy.
