Deakin University

File(s) under permanent embargo

An abnormal-based approach to effectively detect DDOS attacks

journal contribution
posted on 2009-01-01, 00:00 authored by Ke Li, Wanlei Zhou
Distributed Denial-of-Service (DDoS) attacks are a serious threat to the safety and security of cyberspace. In this paper we propose a novel metric to detect DDoS attacks in the Internet. More precisely, we use the function of order α of the generalized (Rényi) entropy to distinguish DDoS attack traffic from legitimate network traffic effectively. In information theory, entropies make up the basis for distance and divergence measures among various probability densities. We design our abnormal-based detection metric using the generalized entropy. The experimental results show that our proposed approach can not only detect DDoS attacks early (it can detect attacks one hop earlier than the Shannon metric when order α = 2, and two hops earlier than the Shannon metric when order α = 10) but can also reduce both the false positive rate and the false negative rate, compared with the traditional Shannon entropy metric approach.

Journal: Journal of the Chinese Institute of Engineers

Volume: 32

Issue: 7

Pagination: 889-895

Publisher: Chinese Institute of Engineers

Location: Taipei City, Taiwan, Republic of China

ISSN: 0253-3839

Language: eng

Publication classification: C1 Refereed article in a scholarly journal
