Title :
A Distributed Approach using Entropy to Detect DDoS Attacks in ISP Domain
Author :
Kumar, Krishan ; Joshi, R.C. ; Singh, Kuldip
Author_Institution :
Dept. of Electron. & Comput. Eng., Indian Inst. of Technol., Roorkee
Abstract :
DDoS attacks are best detected near the victim´s site as maximum attack traffic converges at this point. In most of the current solutions, monitoring and analysis of traffic for DDoS detection have been carried at a single link which connects victim to ISP. However the mammoth volume generated by DDoS attacks pose the biggest challenge in terms of memory and computational overheads. These overheads make DDoS solution itself vulnerable against DDoS attacks. We propose to distribute these overheads amongst all POPs of the ISP using an ISP level traffic feature distribution based approach. An ISP level topology and well known attack tools are used for simulations in ns-2. The comparison with volume based approach clearly indicates the supremacy of the proposed methodology
Keywords :
Internet; computer network reliability; entropy; security of data; telecommunication network topology; telecommunication security; telecommunication traffic; DDoS attack detection; ISP level topology; Internet service provider; POP; distributed denial-of-service attacks; entropy; ns-2 simulations; points of presence; traffic convergence; volume based approach; Computational modeling; Computer crime; Distributed computing; Entropy; Histograms; Monitoring; Protection; Telecommunication traffic; Topology; Traffic control; Anomaly Detection; Distributed Denial-of-Service (DDoS); Entropy; False Negatives; False Positives;
Conference_Titel :
Signal Processing, Communications and Networking, 2007. ICSCN '07. International Conference on
Conference_Location :
Chennai
Print_ISBN :
1-4244-0997-7
Electronic_ISBN :
1-4244-0997-7
DOI :
10.1109/ICSCN.2007.350758
