On selection of attributes for entropy based detection of DDoS

A distributed denial-of-service (DDoS) attack is an attempt to prevent legitimate users from using the services offered by service providers, by flooding their servers with unnecessary traffic. Such attacks have been performed on prestigious web sites like Yahoo and Amazon and on various cloud service providers. The severity of these attacks is very high: as a result, the server goes down for an indefinite period of time. Various methods have been proposed to detect such attempts. In this paper, an entropy-based approach is used to detect DDoS attacks. We have analyzed the effect of a DDoS attack on the entropy of all the useful packet attributes and tested their usefulness against well-known types of distributed denial-of-service attacks. In the analysis, we explain the proper choice of attributes one should make to get a better threshold for DDoS detection.
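To make the idea of comparing packet attributes by their entropy concrete, the following added example (not code from the paper) computes normalized Shannon entropy per attribute for a normal window and a flood window and reports which attributes shift. The attribute set, the window size, the `delta` threshold and the synthetic traffic are all assumptions made for illustration.

```python
import math
import random
from collections import Counter

ATTRS = ("src_ip", "dst_ip", "dst_port", "length")  # assumed attribute set

def norm_entropy(values):
    """Shannon entropy of the observed values, divided by log2(window size)
    so the result lies in [0, 1] regardless of how many packets were seen."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def profile(packets):
    """Per-attribute normalized entropy for one time window."""
    return {a: norm_entropy([p[a] for p in packets]) for a in ATTRS}

def flagged(base, test, delta=0.1):
    """Attributes whose entropy moved by more than delta (assumed threshold)."""
    return {a: round(test[a] - base[a], 3) for a in ATTRS
            if abs(test[a] - base[a]) > delta}

# --- constructed sample traffic (synthetic, not from the paper) ---
def normal_window(rng, n=1000):
    clients = [f"10.0.0.{i}" for i in range(1, 51)]
    servers = [f"192.0.2.{i}" for i in range(1, 11)]
    return [{"src_ip": rng.choice(clients), "dst_ip": rng.choice(servers),
             "dst_port": rng.choice([25, 53, 80, 443]),
             "length": rng.choice([60, 576, 1200, 1500])} for _ in range(n)]

def flood_window(rng, n=1000, attack_share=0.8):
    """Normal traffic mixed with a spoofed-source flood at one server."""
    n_attack = int(n * attack_share)
    pkts = normal_window(rng, n - n_attack)
    for _ in range(n_attack):
        spoofed = ".".join(str(rng.randrange(256)) for _ in range(4))
        pkts.append({"src_ip": spoofed, "dst_ip": "192.0.2.1",
                     "dst_port": 80, "length": 60})
    return pkts

def demo(seed=7):
    rng = random.Random(seed)
    return flagged(profile(normal_window(rng)), profile(flood_window(rng)))

if __name__ == "__main__":
    for attr, shift in demo().items():
        print(f"{attr:9s} entropy shift {shift:+.3f}")
```

In this constructed traffic the source-address entropy rises while the destination-address entropy falls, so the two attributes need thresholds in opposite directions.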
