Detection of DDoS attacks and flash events using information theory metrics: An empirical investigation

Authors: Sunny Behal, Krishan Kumar

DOI: 10.1016/J.COMCOM.2017.02.003

Keywords:

Abstract:

Highlights:
- Investigates the preeminence of GE and GID metrics in detecting DDoS attacks.
- Proposes their use to discriminate HR-DDoS attacks from FEs.
- The metrics are shown to compare favorably with popular information distance measures.
- The proposed methodology is generalized, hence can detect future FE events.

[Graphical abstract omitted: preeminence of Generalized Entropy (GE) and Generalized Information Distance (GID) in detection, as compared with the extensively used Shannon entropy and KL divergence, and in discriminating DDoS attacks from flash events.]

A Distributed Denial of Service (DDoS) attack is an austere menace to Internet-based services. Its in-time detection poses a tough challenge to network security. Revealing low-rate DDoS (LR-DDoS) attacks is comparatively more difficult in modern high speed networks, since such an attack can easily conceal itself due to its similarity to legitimate traffic, so eluding current anomaly based methods. This paper investigates the aptness and impetus of information theory-based generalized entropy and generalized information distance metrics in detecting different types of DDoS attacks. The results are compared with the Shannon entropy and KL divergence measures. In addition, the feasibility of using these metrics for discriminating high-rate DDoS (HR-DDoS) attacks from similar looking flash events (FEs) is also verified. We use real and synthetically generated datasets to elucidate the efficiency and effectiveness of the proposed scheme in detecting DDoS attacks and FEs. The results clearly show that the proposed metrics perform well in comparison and have a reduced false positive rate (FPR).
