
Information theory based detection against network behavior mimicking DDoS attacks

Yu, Shui, Zhou, Wanlei and Doss, Robin 2008, Information theory based detection against network behavior mimicking DDoS attacks, IEEE communication letters, vol. 12, no. 4, pp. 319-321.


Title: Information theory based detection against network behavior mimicking DDoS attacks
Author(s): Yu, Shui; Zhou, Wanlei; Doss, Robin
Journal name: IEEE communication letters
Volume number: 12
Issue number: 4
Start page: 319
End page: 321
Publisher: IEEE
Place of publication: USA
Publication date: 2008-04
ISSN: 1089-7798
Keyword(s): DDoS detection; distribution distance
Summary: DDoS is a spy-on-spy game between attackers and detectors. Attackers are mimicking network traffic patterns to disable the detection algorithms which are based on these features. It is an open problem to discriminate the mimicking DDoS attacks from massive legitimate network accessing. We observed that the zombies use controlled function(s) to pump attack packages to the victim; therefore, the attack flows to the victim always share some properties, e.g. package distribution behaviors, which are not possessed by legitimate flows in a short time period. Based on this observation, once suspicious flows to a server appear, we start to calculate the distance of the package distribution behavior among the suspicious flows. If the distance is less than a given threshold, then it is a DDoS attack; otherwise, it is legitimate accessing. Our analysis and the preliminary experiments indicate that the proposed method can discriminate mimicking flooding attacks from legitimate accessing efficiently and effectively.
Language: eng
Field of Research: 100503 Computer Communications Networks
HERDC Research category: C1 Refereed article in a scholarly journal
Copyright notice: ©2008, IEEE
Persistent URL: http://hdl.handle.net/10536/DRO/DU:30017608

Document type: Journal Article
Collection: School of Engineering and Information Technology
Unless expressly stated otherwise, the copyright for items in Deakin Research Online is owned by the author, with all rights reserved.

Citation counts: Cited 6 times in TR Web of Science; cited 17 times in Scopus
Access Statistics: 367 Abstract Views, 2 File Downloads
Created: Fri, 14 Aug 2009, 13:55:11 EST