An Entropy-Based Countermeasure against Intelligent DoS Attacks Targeting Firewalls

Author

Al-Haidari, F. ; Sqalli, M. ; Salah, K. ; Hamodi, J.

Author_Institution

Coll. of Comput. Sci. & Eng., King Fahd Univ. of Pet. & Miner., Dhahran, Saudi Arabia

fYear

2009

fDate

20-22 July 2009

Firstpage

41

Lastpage

44

Abstract

Denial of service (DoS) attacks are very dangerous as they consume resources at the network and transport layers. Firewalls are considered as the first line of defense in any network. An attacker may use probing to learn a firewallpsilas policy, and then launch a DoS attack that floods the firewall with traffic targeting the rules at the bottom of this policy. In this paper, we propose a countermeasure that enables the firewall to endure the attack attempts without denying service to legitimate clients. The goal of this work is to use an entropy-based scheme to distinguish between the legitimate and attack traffic. Then, the legitimate traffic will be placed in a queue with a higher priority than the queue holding the attack traffic. The results show that the proposed scheme improves on the performance of the firewall under a DoS attack.

Keywords

authorisation; computer networks; telecommunication security; telecommunication traffic; denial of service attack; entropy-based countermeasure; firewalls; intelligent DoS attack; intrusion detection; Computer crime; Computer science; Degradation; Educational institutions; Floods; Intelligent networks; Petroleum; Telecommunication traffic; Throughput; Traffic control; Countermeasures; DoS Attacks; Entropy; Firewalls; Intrusion Detection;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2009. POLICY 2009. IEEE International Symposium on

Conference_Location

London

Print_ISBN

978-0-7695-3742-9

Electronic_ISBN

978-0-7695-3742-9

Type

conf

DOI

10.1109/POLICY.2009.14

Filename

5197382