DDoS attack detection at local area networks using information theoretical metrics

Tao, Yuan and Yu, Shui 2013, DDoS attack detection at local area networks using information theoretical metrics, in TrustCom 2013 : Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, IEEE Computer Society, Piscataway, N.J., pp. 233-240.


Title DDoS attack detection at local area networks using information theoretical metrics
Author(s) Tao, Yuan; Yu, Shui
Conference name Trust, Security and Privacy in Computing and Communications. IEEE Conference (12th : 2013 : Melbourne, Victoria)
Conference location Melbourne, Victoria
Conference dates 16-18 Jul. 2013
Title of proceedings TrustCom 2013 : Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Editor(s) [Unknown]
Publication date 2013
Conference series IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Start page 233
End page 240
Total pages 8
Publisher IEEE Computer Society
Place of publication Piscataway, N.J.
Keyword(s) DDoS; Detection; Information Metric
Summary DDoS attacks are one of the major threats to Internet services. Sophisticated hackers are mimicking the features of legitimate network events, such as flash crowds, to fly under the radar. This poses great challenges to detecting DDoS attacks. In this paper, we propose an attack feature independent DDoS flooding attack detection method at local area networks. We employ flow entropy on local area network routers to supervise the network traffic and raise potential DDoS flooding attack alarms when the flow entropy drops significantly in a short period of time. Furthermore, information distance is employed to differentiate DDoS attacks from flash crowds. In general, the attack traffic of one DDoS flooding attack session is generated by many bots from one botnet, and all of these bots are executing the same attack program. As a result, the similarity among attack traffic should be higher than that among flash crowds, which are generated by many random users. Mathematical models have been established for the proposed detection strategies. Analysis based on the models indicates that the proposed methods can raise the alarm for potential DDoS flooding attacks and can differentiate DDoS flooding attacks from flash crowds with conditions. The extensive experiments and simulations confirmed the effectiveness of our proposed detection strategies.
ISBN 9780769550220
Language eng
Field of Research 080303 Computer System Security
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category E1 Full written paper - refereed
ERA Research output type E Conference publication
HERDC collection year 2013
Copyright notice ©2013, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30061637

Document type: Conference Paper
Collection: School of Information Technology
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Access Statistics: 26 Abstract Views, 3 File Downloads
Created: Tue, 18 Mar 2014, 08:28:53 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.