DocumentCode :
2075770
Title :
Early DoS/DDoS Detection Method using Short-term Statistics
Author :
Oshima, Shunsuke ; Nakashima, Takuo ; Sueyoshi, Toshinori
Author_Institution :
Grad. Sch. of Sci. & Technol., Kumamoto Univ., Kumamoto, Japan
fYear :
2010
fDate :
15-18 Feb. 2010
Firstpage :
168
Lastpage :
173
Abstract :
Early detection methods are required to prevent DoS/DDoS attacks. Entropy-based detection methods are classified into long-term entropy, computed from observations of more than 10,000 packets, and short-term entropy, computed from fewer than 10,000 packets. Long-term entropy fluctuates less, which makes anomalous accesses easy to detect with a threshold, but it performs poorly at the early stage of an attack and has difficulty tracing short-term attacks. In this paper, we propose and evaluate a DoS/DDoS detection method based on short-term entropy that focuses on early detection. First, a pre-experiment extracted the effective window widths: 50 packets for DDoS attacks and 500 packets for slow DoS attacks. Second, we showed that the type of attack can be classified using the distribution of the mean and standard deviation of the entropy. In addition, we generated pseudo attacking packets under a normal traffic condition, calculated the entropy, and carried out a test of significance. When the number of attacking packets equals the number of arriving packets, a high detection rate with a false-negative rate of 5% was obtained, demonstrating the effectiveness of the proposed method.
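As an added illustration (not code from the paper), the following Python computes the short-term entropy of packet source addresses over the window widths named in the abstract, learns a threshold from constructed normal traffic, and injects a constructed 1:1 pseudo attack to measure the false-negative rate. The Zipf-like traffic model, the attacker address 203.0.113.7 and the 3-sigma threshold are assumptions, not values from the paper.

```python
import math
import random
from collections import Counter

def window_entropy(keys):
    """Shannon entropy in bits of the source-address distribution in one window."""
    n = len(keys)
    return -sum(c / n * math.log2(c / n) for c in Counter(keys).values())

def short_term_entropy(keys, width):
    """Entropy of each consecutive, non-overlapping window of `width` packets."""
    return [window_entropy(keys[i:i + width])
            for i in range(0, len(keys) - width + 1, width)]

def mean_std(values):
    """Mean and (population) standard deviation of a list of entropy values."""
    mean = sum(values) / len(values)
    return mean, math.sqrt(sum((v - mean) ** 2 for v in values) / len(values))

def constructed_sources(n, rng, hosts=200):
    """Constructed 'normal' traffic: n source addresses drawn Zipf-like from `hosts` clients (assumption)."""
    pool = [f"10.0.{i // 256}.{i % 256}" for i in range(1, hosts + 1)]
    weights = [1.0 / i for i in range(1, hosts + 1)]
    return rng.choices(pool, weights=weights, k=n)

def inject_pseudo_attack(normal, attacker="203.0.113.7"):
    """Interleave one pseudo attack packet per arriving packet (1:1 ratio, as in the abstract)."""
    return [src for pair in zip(normal, [attacker] * len(normal)) for src in pair]

def evaluate(width=50, k=3.0, windows=200, seed=7):
    """Learn a threshold from normal windows, then score windows that contain the pseudo attack."""
    rng = random.Random(seed)
    baseline = short_term_entropy(constructed_sources(width * windows, rng), width)
    mu, sigma = mean_std(baseline)
    threshold = mu - k * sigma          # a single-source flood lowers source-address entropy
    mixed = inject_pseudo_attack(constructed_sources(width * windows // 2, rng))
    attacked = short_term_entropy(mixed, width)
    missed = sum(1 for h in attacked if h >= threshold)   # attack windows that were not flagged
    return {"normal_mean": mu, "normal_std": sigma, "threshold": threshold,
            "attack_mean": mean_std(attacked)[0],
            "false_negative_rate": missed / len(attacked)}

if __name__ == "__main__":
    for width in (50, 500):   # the DDoS and slow-DoS window widths from the abstract
        print(width, evaluate(width=width))
```

The mean and standard deviation returned for the normal and attacked windows are the two statistics the abstract uses to separate attack types; a real deployment would replace the constructed traffic with captured packet headers.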
Keywords :
entropy; security of data; statistical analysis; DoS-DDoS attacks; anomaly accesses; early DoS-DDoS detection method; pseudo attacking packets; short-term entropy; short-term statistics; Competitive intelligence; Computer crime; Entropy; Intelligent systems; Intrusion detection; Software systems; Statistics; Systems engineering and theory; Testing; Web server; A test of significance; DoS/DDoS attacks; IDS; Short-term entropy; Statistical Method;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Complex, Intelligent and Software Intensive Systems (CISIS), 2010 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5917-9
Type :
conf
DOI :
10.1109/CISIS.2010.53
Filename :
5447418