Detection & study of DDoS attacks via entropy in data network models

We detect and study packet traffic anomalies similar to DDoS attacks using information entropy. We perform network-wide monitoring of the information entropy of packet traffic at a small number of selected routers. Our method is based on the fact that a DDoS attack taking place in the network changes the “natural” order and randomness of packet traffic passing through the monitored routers. Through this change we detect the start of the attack and study its evolution. We conduct this study for packet-switching networks using static and dynamic routing.
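The following sketch illustrates the kind of monitoring the abstract describes; it is an added example, not code from the paper. It assumes the entropy is taken over each monitored router's share of the packets seen in a time window, that the first few windows are attack-free, and that onset is flagged by a k-sigma deviation from that baseline; the function names, thresholds and packet counts are all constructed for illustration.

```python
import math
from statistics import mean, pstdev

def shannon_entropy(counts):
    """Entropy (bits) of the share of packets seen at each monitored router."""
    total = sum(counts)
    if total == 0:
        return 0.0  # idle window: no packets, no distribution to measure
    return -sum((c / total) * math.log2(c / total) for c in counts if c > 0)

def detect_onset(windows, baseline_len=5, k=4.0, min_sigma=0.01):
    """Return (entropies, index of first anomalous window or None).

    The first `baseline_len` windows are assumed attack-free and define the
    "natural" entropy level; a later window is flagged when it deviates from
    the baseline mean by more than k standard deviations (either direction).
    """
    entropies = [shannon_entropy(w) for w in windows]
    base = entropies[:baseline_len]
    mu = mean(base)
    sigma = max(pstdev(base), min_sigma)  # floor avoids a zero-width band
    for i in range(baseline_len, len(entropies)):
        if abs(entropies[i] - mu) > k * sigma:
            return entropies, i
    return entropies, None

# Constructed sample: packets counted per time window at four monitored routers.
# From window 7 onward, traffic piles up at router 2 (on the path to the victim).
WINDOWS = [
    [100, 95, 105, 100],
    [98, 102, 97, 103],
    [101, 99, 100, 100],
    [97, 104, 99, 100],
    [102, 98, 101, 99],
    [99, 101, 103, 97],
    [100, 100, 98, 102],
    [100, 98, 400, 101],
    [99, 101, 900, 100],
    [101, 100, 1500, 98],
]

if __name__ == "__main__":
    ents, onset = detect_onset(WINDOWS)
    for i, h in enumerate(ents):
        print(f"window {i}: H = {h:.3f} bits{'  <-- onset' if i == onset else ''}")
```

The entropy series after the flagged window is what one would track to follow the attack's evolution: here it keeps falling as the concentration of traffic at one router grows.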
