Title :
Entropy-minimization clustering technique for probabilistic packet marking scheme
Author :
Tan, Wei-Peng ; Lee, Bu-Sung ; Lee, Henry C J
Abstract :
Probabilistic packet marking (PPM) has been proposed for the identification of the true sources of spoofed IP packets typically used in denial of service (DoS) attacks. However, PPM suffers from high combination overhead and a large number of false positives under large-scale DDoS attacks. In this paper, we propose to use an entropy-minimization clustering technique to overcome the limitations of the PPM scheme. This technique is used to divide the attack traffic into clusters based on shared bottlenecks. Consequently, it reduces the combination overhead and false positives. Our technique also preserves the advantages of the PPM scheme, as it works with any type of traffic (TCP, UDP, etc.). It does not generate any new network traffic and it utilizes only the information at the IP layer. We have carried out theoretical analysis and simulation studies using ns-2 software to evaluate the proposed technique. Our results demonstrated that our approach gives significantly higher precision and lower combination overhead for attack path reconstruction under large-scale DDoS.
Keywords :
Internet; minimum entropy methods; pattern clustering; probability; telecommunication security; telecommunication traffic; DDoS; DoS; IP packet; Internet; PPM; denial of service attacks; distributed DoS; entropy-minimization clustering technique; network traffic; ns-2 software; probabilistic packet marking; Analytical models; Computer crime; Large-scale systems; Network servers; Pressing; TCPIP; Telecommunication traffic; Traffic control; Web and internet services; Web server;
Conference_Title :
Networks, 2004. (ICON 2004). Proceedings. 12th IEEE International Conference on
Print_ISBN :
0-7803-8783-X
DOI :
10.1109/ICON.2004.1409150