Title :
DDoS Detection Technique Using Statistical Analysis to Generate Quick Response Time
Author :
Oshima, Shunsuke ; Nakashima, Takuo ; Sueyoshi, Toshinori
Author_Institution :
ICT Center for Learning Support, Kumamoto Nat. Coll. of Technol., Kumamoto, Japan
Abstract :
DDoS attacks to servers cause the dysfunctional condition and finally bring the server to be stopped. Previous researches to detect and defense for DDoS attacks have shown that the entropy for the source IP address or destination port number is the effective metric to detect these DoS/DDoS attacks. In the organization incoming the small amount of packets, the window width to calculate an entropy value could be reduced in order to detect attacks early. On the other hand, the small window width leads to the difficulty to set the threshold of entropy value over the small available threshold value area. In this research, we propose the calculation method of the dynamic threshold varying the time sequence. This threshold will be effective on the case of the small window width leading the quick response to the attacks. Our proposed method could be able to early detect in the organization with the small amount of packets. In addition, the proposed calculation is effective for the case using the different IP fields.
Keywords :
security of data; statistical analysis; DDoS detection technique; distributed denial-of-service attack; dynamic threshold calculation method; statistical analysis; Computer crime; Entropy; IP networks; Measurement; Organizations; Servers; Time factors; DoS/DDoS detection; entropy; statistical approach;
Conference_Titel :
Broadband, Wireless Computing, Communication and Applications (BWCCA), 2010 International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-8448-5
Electronic_ISBN :
978-0-7695-4236-2
DOI :
10.1109/BWCCA.2010.153