Deakin University
Browse

Entropy-based collaborative detection of DDOS attacks on community networks

Download (161.21 kB)
conference contribution
posted on 2008-01-01, 00:00 authored by Shui Yu, Wanlei Zhou
A community network often operates with the same Internet service provider domain or the virtual network of different entities who are cooperating with each other. In such a federated network environment, routers can work closely to raise early warning of DDoS attacks to void catastrophic damages. However, the attackers simulate the normal network behaviors, e.g. pumping the attack packages as poisson distribution, to disable detection algorithms. It is an open question: how to discriminate DDoS attacks from surge legitimate accessing. We noticed that the attackers use the same mathematical functions to control the speed of attack package pumping to the victim. Based on this observation, the different attack flows of a DDoS attack share the same regularities, which is different from the real surging accessing in a short time period. We apply information theory parameter, entropy rate, to discriminate the DDoS attack from the surge legitimate accessing. We proved the effectiveness of our method in theory, and the simulations are the work in the near future. We also point out the future directions that worth to explore in the future.

History

Pagination

566 - 571

Location

Hong Kong

Open access

  • Yes

Start date

2008-03-17

End date

2008-03-21

ISBN-10

076953113X

Language

eng

Publication classification

E1 Full written paper - refereed

Copyright notice

2008, IEEE

Title of proceedings

Proceedings of the 6th Annual IEEE International Conference on Pervasive Computing and Communications

Usage metrics

    Research Publications

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC