Title :
Information metrics for low-rate DDoS attack detection: A comparative evaluation
Author :
Bhuyan, Monowar H. ; Bhattacharyya, Dhruba Kumar ; Kalita, Jugal Kumar
Author_Institution :
Dept. of Comput. Sci. & Eng., Kaziranga Univ., Jorhat, Iran
Abstract :
Invasion by Distributed Denial of Service (DDoS) is a serious threat to services offered on the Internet. A low-rate DDoS attack allows legitimate network traffic to pass and consumes low bandwidth. So, detection of this type of attacks is very difficult in high speed networks. Information theory is popular because it allows quantifications of the difference between malicious traffic and legitimate traffic based on probability distributions. In this paper, we empirically evaluate several information metrics, namely, Hartley entropy, Shannon entropy, Renyi´s entropy and Generalized entropy in their ability to detect low-rate DDoS attacks. These metrics can be used to describe characteristics of network traffic and an appropriate metric facilitates building an effective model to detect low-rate DDoS attacks. We use MIT Lincoln Laboratory and CAIDA DDoS datasets to illustrate the efficiency and effectiveness of each metric for detecting mainly low-rate DDoS attacks.
Keywords :
Internet; computer network security; entropy; statistical distributions; CAIDA DDoS dataset; Hartley entropy; Internet; MIT Lincoln Laboratory dataset; Renyi entropy; Shannon entropy; distributed denial-of-service; generalized entropy; information metrics; information theory; low-rate DDoS attack detection; network traffic; probability distributions; Computer crime; Entropy; Floods; Information entropy; Measurement; Probability distribution; Telecommunication traffic; DDoS attack; entropy; information metric; low-rate; network traffic;
Conference_Titel :
Contemporary Computing (IC3), 2014 Seventh International Conference on
Conference_Location :
Noida
Print_ISBN :
978-1-4799-5172-7
DOI :
10.1109/IC3.2014.6897151
