DDoS Attacks Defense System Using Information Metrics

A Distributed Denial-of-Service (DDoS) attack is a distributed, coordinated attack on the availability of the services of a target system or network, launched indirectly through many compromised computing systems. A low-rate DDoS attack is an intelligent attack in which the attacker sends attack packets to the victim at a rate low enough to elude current anomaly-based detection. An information metric can quantify the differences between network traffic with different probability distributions. This paper proposes an anomaly-based approach that uses two new information metrics, the generalized entropy metric and the information distance metric, to detect low-rate DDoS attacks by measuring the difference between legitimate traffic and attack traffic. The DDoS attack detection metric is combined with an IP traceback algorithm to form an effective collaborative defense mechanism against DDoS attacks.
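The two metrics named in the abstract can be sketched as follows. This is an added example, not code from the paper: the abstract gives no formulas, so it assumes the Rényi entropy of order α for the generalized entropy and the symmetrized Rényi divergence for the information distance. The flow names, packet counts, add-one smoothing and the 0.15-bit threshold are constructed for illustration.

```python
import math

# Constructed per-flow packet counts (not measurements from the paper).
BASELINE = {"flow_a": 400, "flow_b": 300, "flow_c": 200, "flow_d": 100}
# Same window with a low-rate flood adding 120 packets to one flow.
SUSPECT = {"flow_a": 400, "flow_b": 300, "flow_c": 200, "flow_d": 220}

def distribution(counts, keys):
    """Counts -> probabilities over `keys`, add-one smoothed so no bin is zero."""
    total = sum(counts.get(k, 0) + 1 for k in keys)
    return [(counts.get(k, 0) + 1) / total for k in keys]

def generalized_entropy(p, alpha):
    """Renyi entropy of order alpha in bits (alpha == 1 gives Shannon entropy)."""
    if alpha == 1:
        return -sum(x * math.log2(x) for x in p if x > 0)
    return math.log2(sum(x ** alpha for x in p if x > 0)) / (1 - alpha)

def divergence(p, q, alpha):
    """Renyi divergence D_alpha(P||Q) in bits (alpha == 1 gives Kullback-Leibler)."""
    if alpha == 1:
        return sum(x * math.log2(x / y) for x, y in zip(p, q))
    return math.log2(sum(x ** alpha * y ** (1 - alpha) for x, y in zip(p, q))) / (alpha - 1)

def information_distance(base_counts, window_counts, alpha):
    """Symmetric distance D_alpha(P||Q) + D_alpha(Q||P) between two windows."""
    keys = sorted(set(base_counts) | set(window_counts))
    p, q = distribution(base_counts, keys), distribution(window_counts, keys)
    return divergence(p, q, alpha) + divergence(q, p, alpha)

def is_anomalous(base_counts, window_counts, alpha, threshold):
    """Flag the window when its distance from the baseline exceeds the threshold."""
    return information_distance(base_counts, window_counts, alpha) > threshold

if __name__ == "__main__":
    for alpha in (1, 2, 5):
        d = information_distance(BASELINE, SUSPECT, alpha)
        print(f"alpha={alpha}: distance={d:.4f} bits")
```

Because the Rényi divergence does not decrease as α grows, the same small shift in the traffic distribution produces a larger distance at higher orders; with these constructed counts the window stays under the assumed threshold at α = 1 and exceeds it at α = 2.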
