An Entropy Based Approach to Detect and Distinguish DDoS Attacks from Flash Crowds in VoIP Networks

Voice over IP (VoIP) is a facility for providing voice services over IP (Internet Protocol), which provides better QoS (Quality of Service) than the Public Switched Telephone Network (PSTN) at comparatively less cost. Since the Internet suffers from various threats, VoIP, which uses IP to serve its clients, also sees its QoS degraded. One of the major QoS threats is to server availability. Attackers defeat the server's processing capability and gain control over the server by flooding it with a large number of messages or requests, making server resources unavailable to genuine users and resulting in DDoS (Distributed Denial of Service). But the server must predict both the legitimate flood, namely a flash crowd, and the malicious attack flooding, usually DDoS. Both DDoS and flash crowds create abnormal traffic conditions, but in order to improve goodput, the server must be deployed with a mechanism that classifies legitimate and malicious call requests. This paper observes the traffic condition and how the purpose of dealings varies, which helps in outwitting the attackers. We also use entropy packet analysis to minimize the traffic reaching the server. NS2 (Network Simulator 2) with SIP (Session Initiation Protocol) is used to experiment with and analyze the proposed work.
