LeCAM: A novel metric for detecting DDoS attacks

In the present technological era, the Internet is the sole medium for accessing and running web-based services such as business, banking, education, e-commerce and weather forecasting. Because of the growing use of such services and the resulting dependence on the Internet, many kinds of malware threats have emerged over time that disrupt the timely delivery of these services. The Distributed Denial of Service (DDoS) attack is one of the most serious of these threats. Many researchers have proposed diverse DDoS detection approaches based on information-theoretic entropy and divergence metrics. This paper proposes a novel LeCam divergence metric to detect different types of DDoS attacks based on the flow similarity between network traffic flows. The effectiveness of the proposed approach is corroborated on the widely used benchmark MIT Lincoln and CAIDA datasets, along with the DDoSTB dataset. The results show that the novel LeCam divergence metric is more effective than the traditional Kullback-Leibler, Bhattacharyya and Pearson divergence measures.
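As an added illustration (not code from the paper), the following computes the Le Cam divergence between the per-source packet distributions of two traffic windows alongside the three comparison metrics named above. It assumes the standard Le Cam form, half the triangular discrimination 0.5 * sum((p_i - q_i)^2 / (p_i + q_i)), a constructed pair of windows, and an illustrative threshold; the paper's exact formulation, features and thresholds are not on this page. It also shows a property a detector designer cares about: when the current window contains sources absent from the baseline, Kullback-Leibler and Pearson divergence become infinite, while Le Cam stays bounded in [0, 1].

```python
import math
from collections import Counter

# Constructed sample (not from the paper): packets per source address in two
# one-second windows. The baseline has a few sources with varied rates; the
# second window is dominated by sources absent from the baseline, each sending
# at the same rate, the flow similarity a bot-driven flood produces.
BASELINE = Counter({"10.0.0.1": 40, "10.0.0.2": 25, "10.0.0.3": 15,
                    "10.0.0.4": 12, "10.0.0.5": 8})
ATTACK_WINDOW = Counter({"10.0.0.1": 10, "10.0.0.2": 5, "192.0.2.10": 500,
                         "192.0.2.11": 500, "192.0.2.12": 500, "192.0.2.13": 500})

def to_distributions(current, baseline):
    """Normalise both windows over the union of keys, so a source seen in only
    one window gets probability 0 in the other."""
    keys = sorted(set(current) | set(baseline))
    ct, bt = sum(current.values()), sum(baseline.values())
    return ([current.get(k, 0) / ct for k in keys],
            [baseline.get(k, 0) / bt for k in keys])

def lecam(p, q):
    # Le Cam divergence: half the triangular discrimination, bounded in [0, 1].
    # A zero on one side contributes only the other side's mass, so the value
    # stays finite even for sources never seen in the baseline.
    return 0.5 * sum((a - b) ** 2 / (a + b) for a, b in zip(p, q) if a + b > 0)

def kullback_leibler(p, q):
    # D(P||Q): infinite as soon as P puts mass where Q has none.
    return sum(a * math.log(a / b) if b > 0 else math.inf
               for a, b in zip(p, q) if a > 0)

def bhattacharyya(p, q):
    bc = sum(math.sqrt(a * b) for a, b in zip(p, q))
    return -math.log(bc) if bc > 0 else math.inf

def pearson(p, q):
    # Chi-square divergence: likewise unbounded when q_i == 0 and p_i > 0.
    return sum((a - b) ** 2 / b if b > 0 else math.inf
               for a, b in zip(p, q) if a != b)

def divergences(current, baseline):
    p, q = to_distributions(current, baseline)
    return {"lecam": lecam(p, q), "kl": kullback_leibler(p, q),
            "bhattacharyya": bhattacharyya(p, q), "pearson": pearson(p, q)}

def is_flood(current, baseline, threshold=0.5):
    """Flag the window when its Le Cam divergence from the baseline exceeds a
    threshold; 0.5 is an illustrative choice, not a value from the paper."""
    return lecam(*to_distributions(current, baseline)) > threshold
```

Running `divergences(ATTACK_WINDOW, BASELINE)` gives a Le Cam value just under 1 with infinite KL and Pearson values, which is why a bounded metric is easier to threshold on live traffic.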
