Openly accessible

Information theory based detection against network behavior mimicking DDoS attacks

Yu, Shui, Zhou, Wanlei and Doss, Robin 2008, Information theory based detection against network behavior mimicking DDoS attacks, IEEE communications letters, vol. 12, no. 4, pp. 319-321, doi: 10.1109/LCOMM.2008.072049.

Attached Files
Name Description MIMEType Size Downloads
yu-informationtheory-2008.pdf Published version application/pdf 237.85KB 263

Title Information theory based detection against network behavior mimicking DDoS attacks
Author(s) Yu, Shui (ORCID iD: orcid.org/0000-0003-4485-6743)
Zhou, Wanlei (ORCID iD: orcid.org/0000-0002-1680-2521)
Doss, Robin (ORCID iD: orcid.org/0000-0001-6143-6850)
Journal name IEEE communications letters
Volume number 12
Issue number 4
Start page 319
End page 321
Total pages 3
Publisher IEEE
Place of publication USA
Publication date 2008-04
ISSN 1089-7798
Keyword(s) DDoS detection
distribution distance
Summary DDoS is a spy-on-spy game between attackers and detectors. Attackers are mimicking network traffic patterns to disable the detection algorithms which are based on these features. It is an open problem of discriminating the mimicking DDoS attacks from massive legitimate network accessing. We observed that the zombies use controlled function(s) to pump attack packages to the victim, therefore, the attack flows to the victim always share some properties, e.g. packages distribution behaviors, which are not possessed by legitimate flows in a short time period. Based on this observation, once there appear suspicious flows to a server, we start to calculate the distance of the package distribution behavior among the suspicious flows. If the distance is less than a given threshold, then it is a DDoS attack, otherwise, it is a legitimate accessing. Our analysis and the preliminary experiments indicate that the proposed method can discriminate mimicking flooding attacks from legitimate accessing efficiently and effectively.
Notes This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
Language eng
DOI 10.1109/LCOMM.2008.072049
Field of Research 100503 Computer Communications Networks
Socio Economic Objective 890299 Computer Software and Services not elsewhere classified
HERDC Research category C1 Refereed article in a scholarly journal
Copyright notice ©2008, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30017608

Document type: Journal Article
Collections: School of Engineering and Information Technology
Open Access Collection
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.

Citation counts: TR Web of Science Citation Count  Cited 21 times in TR Web of Science
Scopus Citation Count Cited 44 times in Scopus
Access Statistics: 650 Abstract Views, 263 File Downloads
Created: Fri, 14 Aug 2009, 13:55:11 EST